Mobile Forensics
Mobile Forensics
Mobile ForensicsMobile Forensics (Español)Análise Forense Rápida (Português)Mobile Forensics (Français)Mobile Forensics (اَلْعَرَبِيَّةُ)
Mobile Forensics
Mobile ForensicsMobile Forensics (Español)Análise Forense Rápida (Português)Mobile Forensics (Français)Mobile Forensics (اَلْعَرَبِيَّةُ)
  • Introduction
  • Preparations
    • Knowledge
    • Safety
    • Trust
    • Backup
  • Methodology
  • Checking Windows Computers
    • Review Programs Launching at Startup
    • Review Running Processes
    • Review Network Connections
    • Extract Data for Further Analysis
  • Checking Mac Computers
    • Review Programs Launching at Startup
    • Review Running Processes
    • Review Kernel Extensions
    • Review Network Connections
    • Review XProtect Logs
    • Extract Data for Further Analysis
  • Checking Smartphones
    • Note: curriculum
    • Smartphone System Architecture
    • Check Devices Linked to Chat Applications
    • Check for Suspicious Messages
    • Monitor Network Traffic
    • Note: Monitoring Network Traffic on Linux
  • Checking Android Devices Basic
    • Review Installed Applications
    • Check Storage
    • Check if the Phone is under Android Device Policy
    • Check if the Phone is Rooted
    • Check if Developer Options is Enabled
    • Analyze Applications
    • Extract Data for Further Analysis
    • Optional : Check for Indicators of Stalkerware Installation
  • Checking Android Devices Advanced
    • Wireshark
    • MVT
    • Other Tools
  • Checking iOS Devices
    • Review iCloud Accounts
    • Review Installed Applications
    • Check for Mobile Device Management Profiles
    • Check for Shortcuts
    • Check for Jailbreaks
    • Enable and Check App Privacy Report
    • Extract Data for Further Analysis
    • Analyzing Extracted Data
    • About Lockdown Mode
  • Checking Devices Remotely
    • Mac Computers
    • Android
  • Concluding a Forensic Gathering
  • References and Further Learning
  • License and Credits
Powered by GitBook
On this page

Checking Windows Computers

Note: This section is also available in French, Spanish, Brazilian Portuguese, and Arabic.

In this section we will go through some of the basic steps to take when checking a suspected Windows computer. Following are the tools (with links to their respective download pages) we are going to demonstrate here:

  • Sysinternals Autoruns produced by Microsoft.

  • Sysinternals Process Explorer produced by Microsoft.

  • CrowdInspect produced by CrowdStrike.

  • Sysinternals TCPView produced by Microsoft.

  • pcqf (originally SnoopDigg) produced by Claudio Guarnieri. (Last updated in 2021.)

PreviousMethodologyNextReview Programs Launching at Startup

Last updated 1 month ago