Windows: No Event Logs
The following tools can fetch the associated logs:
PSReadLine (to fetch PS commands)
Prefetch (from cache: executed executables)
Shimcache
USN Journal (use Velociraptor)
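For the PSReadLine item, the following added example (not part of the original page) collects the console history file of every local profile on a live system and flags lines worth a closer look. It assumes the default PSReadLine history path and profiles under the system drive's Users folder; the keyword pattern and output file name are illustrative.

```powershell
# Added example: gather PSReadLine console history for all local profiles.
# Assumptions: default history location (HistorySavePath was not changed),
# profiles live under <SystemDrive>\Users, script runs with admin rights.
param(
    [string]$UsersRoot = "$env:SystemDrive\Users",
    # Illustrative triage keywords, adjust to the investigation.
    [string]$Pattern   = 'EncodedCommand|DownloadString|Invoke-Expression|wevtutil|Clear-EventLog',
    [string]$OutCsv    = '.\psreadline_history.csv'   # hypothetical output name
)

# Default per-user history file written by the PSReadLine module.
$relative = 'AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt'

$results = foreach ($userDir in Get-ChildItem -Path $UsersRoot -Directory -Force -ErrorAction SilentlyContinue) {
    $file = Join-Path $userDir.FullName $relative
    if (-not (Test-Path -LiteralPath $file)) { continue }

    $item = Get-Item -LiteralPath $file -Force
    $n = 0
    foreach ($line in Get-Content -LiteralPath $file) {
        $n++
        [pscustomobject]@{
            User             = $userDir.Name
            LineNumber       = $n                      # order of entry, oldest first
            Command          = $line
            Flagged          = [bool]($line -match $Pattern)
            FileLastWriteUtc = $item.LastWriteTimeUtc  # only timestamp available
            SourceFile       = $file
        }
    }
}

if ($results) {
    # Keep the full history for the case file, show flagged lines on screen.
    $results | Export-Csv -Path $OutCsv -NoTypeInformation -Encoding UTF8
    $results | Where-Object Flagged | Format-Table User, LineNumber, Command -AutoSize -Wrap
} else {
    Write-Warning "No PSReadLine history files found under $UsersRoot"
}
```

The history file stores commands without per-command timestamps, so only the order of lines and the file's last write time can be used for timelining.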