Shlomi Boutnaru, Ph.D.The Windows Concept Journey — Windows ApplicationsThere are different types of Windows applications, which we can execute on Windows based devices. Among those types we can find…1 min read·9 hours ago----
Shlomi Boutnaru, Ph.D.The Windows Security Journey — NTFS (New Technology File System) PermissionsNTFS (New Technology File System) is the default file system used on Windows based devices…2 min read·1 day ago----
Shlomi Boutnaru, Ph.D.The Windows Forensic Journey — “ProfileList” (User’s Profiles List)“ProfileList” is a registry key (https://medium.com/@boutnaru/the-windows-concept-journey-registry-0767e79387a9) that holds information…1 min read·2 days ago----
Shlomi Boutnaru, Ph.D.The Windows Forensic Journey — “LastUsedUsername” (Username of the Last Logged On User to the…“LastUsedUsername” is a value name in the registry (https://medium.com/@boutnaru/the-windows-concept-journey-registry-0767e79387a9) that…1 min read·3 days ago----
Shlomi Boutnaru, Ph.D.The Windows Process Journey — “isoburn.exe” (Windows Disc Image Burning Tool)“isoburn.exe” (Windows Disc Image Burning Tool) is a PE binary located in “%windir%\System32\isoburn.exe”. It is used for burning ISO…1 min read·4 days ago----
Shlomi Boutnaru, Ph.D.The Windows Forensic Journey — “Map Network Drive MRU” (Recently Mapped Network Drives)“Map Network Drive MRU” is a Windows registry key which stores information about the recently mapped network drives. A network drive is…2 min read·5 days ago----
Shlomi Boutnaru, Ph.D.The Windows Concept Journey — User ProfileThe first time a user logs on to a Windows device a user profile is created. At every subsequent logon the operating system loads the…2 min read·5 days ago----
Shlomi Boutnaru, Ph.D.The Windows Forensic Journey — Typed Paths“Typed Paths” is a Windows registry key which tracks the last 25 paths that have been entered into the path bar of “File Explorer”…1 min read·5 days ago----
Shlomi Boutnaru, Ph.D.The AWS Concept Journey — Amazon EBS (Elastic Block Storage)Amazon EBS (Elastic Block Storage) provides easy to use/high performance block storage at any scale. It is a service designed specifically…2 min read·6 days ago----
Shlomi Boutnaru, Ph.D.The Windows Process Journey — “TrustedInstaller.exe” (Windows Modules Installer)“TrustedInstaller.exe” (Local Security Authority Subsystem Service) is a PE binary located in “%windir%\servicing\TrustedInstaller.exe”…1 min read·6 days ago----