The script opens the rp.log file within each directory and retrieves the description of the restore point and the date that the restore point was created. The description for the restore point can be useful to the investigator, particularly if he’s looking for information regarding the installation or removal of an application. System restore points will be created when applications and unsigned drivers are installed, when a Windows AutoUpdate installation is performed, and when a restore operation is performed. #Prodiscover basic download 64 bit drivers Restore points can also be created manually. When a restore point is created, a description of the event that caused the restore point creation is written to the rp.log file. Many times, you’ll see the description System Checkpoint, which is the restore point that is created by Windows XP every 24 hours (default setting). The description Software Distribution Service refers to Windows Updates being installed. #Prodiscover basic download 64 bit software I’ve also seen descriptions such as Installed QuickTime, Removed ProDiscover 4.8a, and Installed Windows Media Player 11 on systems. The description might tell the investigator the date that a particular application was installed or removed.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |