Windows : No Event Logs
When event logs are not available, the following tools and artifacts can still be used to fetch the associated activity:
PSReadLine (to fetch PowerShell commands)
Prefetch (from cache: executed executables)
Shimcache
USN Journal (use Velociraptor)