tag:blogger.com,1999:blog-9518042.post3097546025469872145..comments2024-03-19T07:46:20.437-05:00Comments on Windows Incident Response: Application Forensic ArtifactsUnknownnoreply@blogger.comBlogger2125tag:blogger.com,1999:blog-9518042.post-64935255559324929792009-02-20T07:48:00.000-05:002009-02-20T07:48:00.000-05:00Andi,True, but as an analyst, I can only give the ...Andi,<BR/><BR/>True, but as an analyst, I can only give the facts of what I know and have observed based on my analysis; someone else will have to determine who was sitting at the keyboard, logged in via the user account in question.H. Carveyhttps://www.blogger.com/profile/08966595734678290320noreply@blogger.comtag:blogger.com,1999:blog-9518042.post-14469027184405394052009-02-19T16:04:00.000-05:002009-02-19T16:04:00.000-05:00This still only gives us proof that a file was ope...This still only gives us proof that a file was opened by an app on their computer.. the trail of evidence stops at the computer, not the person. <BR/><BR/><A HREF="http://www.ohesso.com/essays/essay006.htm" REL="nofollow">Maybe the cat did it.</A><BR/><BR/>Heh.Andi Baritchihttps://www.blogger.com/profile/17513081942793368735noreply@blogger.com