Posted: Mon Sep 22, 2014 6:39 am Post subject: Forensic scripts and tasks
Sorry if my question is very basic but I need to know the following:
How is posible to know if a script was executed in a Windows Machine using WMI, wscript or cscript? I mean, where do you have to search to know exactly that a script was executed, from where (local or remote), what processes and what kind of logs were generated? Is there any place of the Windows registry that can help to search this?
Is there any method to execute hidden tasks using the Windows Scheduler? How to know if someone is using this method? Is there more locations apart from autostart points in the registry that can be used to execute scheduled tasks?
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum