Cyber Security Technologies Corporation (CST) is the innovation leader in affordable software products for computer investigations. CST was formed by industry veterans who see the need for new investigative tools designed for the changing investigative environment. We are dedicated to delivering technically advanced but easy-to-use software products for corporations, government agencies, service providers and law enforcement, as well as related training and certification. CST is an affiliate of Architecture Technology Corporation, a technology company specializing in software-intensive solutions for complex problems in IT security and high-security network computing applications.
Examining the Detailed Process Information presented in Figure 11, Miller scrolls further down and notices that the Open Handles list does not include any file names, as shown in Figure 12. This means that, even though Microsoft Word is running, either no file is open or the file currently open has not been saved. Miller is suspicious about this and believes that Wallace is deliberately attempting to hide some illicit activity.
Figure 12 - Open Handles (WINWORD.EXE)
Miller is familiar with Microsoft Word and wants to see the list of files that Word has most recently accessed. It's possible that Wallace isn't aware of the Registry value that holds this list and hasn't attempted to cover it up. To see this information, Miller follows the "registry tree walk" link.