DFSP # 458 Shellbags and PCA

Digital Forensic Survival Podcast - A podcast by Digital Forensic Survival Podcast - Tuesdays

Categories:

In this episode, we’ll dive into two essential forensic artifacts in Windows: shellbags and the Program Compatibility Assistant (PCA). Shell bags provide valuable evidence of file and folder access, offering insights into user activity and file navigation. We’ll also explore PCA, which can reveal important information about file execution history. Together, these artifacts play a crucial role in uncovering key forensic details during investigations.