Shlomi Boutnaru, Ph.D.
The Windows Process Journey — “taskhostw.exe” (Host Process for Windows Tasks)
“taskhostw.exe” (Host Process for Windows Tasks) is a PE binary located at “%windir%\system32\taskhostw.exe”. It is responsible for…
2 min read · 8 hours ago

Shlomi Boutnaru, Ph.D.
The Linux Concept Journey — Linux File Types
As we know, the philosophy of Linux is that “Everything is a file”. However, not all files are created equally. We have 7 different file…
1 min read · 1 day ago

Shlomi Boutnaru, Ph.D.
The Linux Concept Journey — Builtin Kernel Modules
In general, we can compile a kernel module…
2 min read · 1 day ago

Shlomi Boutnaru, Ph.D.
The Windows Security Journey — Local User Account
In general, a “Local User Account” is a Windows account which was created on the local device. This type of account can only log on to a…
2 min read · 2 days ago

Shlomi Boutnaru, Ph.D.
The Windows Concept Journey — Windows Applications
There are different types of Windows applications, which we can execute on Windows-based devices. Among those types we can find…
1 min read · 3 days ago

Shlomi Boutnaru, Ph.D.
The Windows Security Journey — NTFS (New Technology File System) Permissions
NTFS (New Technology File System) is the default file system used on Windows-based devices…
2 min read · 4 days ago

Shlomi Boutnaru, Ph.D.
The Windows Forensic Journey — “ProfileList” (User’s Profiles List)
“ProfileList” is a registry key (https://medium.host/@boutnaru/the-windows-concept-journey-registry-0767e79387a9) that holds information…
1 min read · 5 days ago

Shlomi Boutnaru, Ph.D.
The Windows Forensic Journey — “LastUsedUsername” (Username of the Last Logged On User to the…
“LastUsedUsername” is a value name in the registry (https://medium.host/@boutnaru/the-windows-concept-journey-registry-0767e79387a9) that…
1 min read · 6 days ago

Shlomi Boutnaru, Ph.D.
The Windows Process Journey — “isoburn.exe” (Windows Disc Image Burning Tool)
“isoburn.exe” (Windows Disc Image Burning Tool) is a PE binary located in “%windir%\System32\isoburn.exe”. It is used for burning ISO…
1 min read · May 26, 2024

Shlomi Boutnaru, Ph.D.
The Windows Forensic Journey — “Map Network Drive MRU” (Recently Mapped Network Drives)
“Map Network Drive MRU” is a Windows registry key which stores information about the recently mapped network drives. A network drive is…
2 min read · May 25, 2024