As a special feature of our blog—special guest postings by experts, clients, and other professionals—please enjoy this blog entry from Jonathan Karchmer, a senior managing consultant at iDiscovery Solutions.
Determining whether programs or malware actually ran on a system is an important goal of seasoned examiners when investigating computer evidence. Generally, there are several artifacts left behind anytime executables are run—regardless of whether the program is Outlook, Chrome, or something malicious. Today we’ll cover some artifacts we encounter on Windows systems. Continue Reading Locating Digital Breadcrumbs: Programs Can Run, But They Can’t Hide