Unknown – Page 2 – WindowsTechs.com

Releasing Open Source Tools to the Community

Posted on December 10, 2025 by Unknown

Every now and then, I get contacted by someone who tells me that they used the open source tools I’ve released in either a college course they took, or in a course provided by one of the many training vendors in the industry. I even once responded… Continue reading Releasing Open Source Tools to the Community→

Intel in LNK Files

Posted on November 29, 2025 by Unknown

I was reading a pretty interesting write-up from Seqrite regarding, in part, the use of pseudo-polyglot documents. In this case, delivery occurred via ZIP archive that contains an LNK file and a PNG file. The PNG file is pseudo-polyglot file in questio… Continue reading Intel in LNK Files→

Registry: FeatureUsage

Posted on November 26, 2025 by Unknown

Maurice posted on LinkedIn recently about one of the FeatureUsage Registry key subkeys; specifically, the AppSwitched subkey. Being somewhat, maybe even only slightly aware of the Windows Registry, I read the post with casual, even mild inter… Continue reading Registry: FeatureUsage→

Unprecedented Complexity

Posted on November 26, 2025 by Unknown

I saw it again, just today. Another post on social media stating that IT teams/defenders “face unprecedented complexity”. This one stood out amongst all of the posts proclaiming the need for agentic AI on the defender’s side, due to how these… Continue reading Unprecedented Complexity→

Thoughts on Analysis

Posted on November 26, 2025 by Unknown

Warning – before you get started reading this blog post, it’s only fair that I warn you…in this post, I make the recommendation that you document your analysis process. If you find this traumatic, you might want to just move on. ;-)Robert Jan Mora, a… Continue reading Thoughts on Analysis→

Images

Posted on November 13, 2025 by Unknown

In writing Investigating Windows Systems, published in 2018, I made use of publicly available images found on the Internet. Some were images posted as examples of techniques, others were posted by professors running courses, and some were from CTFs. If… Continue reading Images→

File Formats

Posted on November 12, 2025 by Unknown

I’m a huge fan of MS file formats, mostly because they provide for the possibility of an immense (and often untapped, unexploited) amount of metadata. Anyone who’s followed me for any length of time, or has read my blog, knows that I’m a huge fan of fi… Continue reading File Formats→

What We Value

Posted on November 10, 2025 by Unknown

Over the passed couple of days, I’ve had images pop up in my feed showing people’s workstations, most often with multiple screens. I’ve seen various configurations, some with three or more screens, but the other thing I’ve noted is that for those socia… Continue reading What We Value→

Analysis Playbooks: USB

Posted on November 3, 2025 by Unknown

In 2005, Cory Altheide and I published the first peer-reviewed paper to address tracking USB devices on Windows systems. Over the years, it’s been pretty amazing to see not only the artifacts expand and evolve, but to also see folks pick up the baton a… Continue reading Analysis Playbooks: USB→

Registry Analysis

Posted on October 31, 2025 by Unknown

First off, what is “analysis”? I submit that “analysis” is what happens when an examiner has investigative goals and context, and applies this, along with their knowledge and experience, to a data set. This can be anything, from a physical image of a m… Continue reading Registry Analysis→