Everything History

Overview

Evidence: Everything History
Description: Collect Everything Run History
Category: Applications
Platform: windows
Short Name: evryh
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes

Background

Everything is a popular file search tool that maintains a history of executed files and applications in Run History.csv. This file tracks programs launched through Everything's interface.

Data Collected

This collector gathers structured data about Everything's run history.

Collection Method

This collector gathers the Run History.csv file from Everything's application data directories containing execution history.

Forensic Value

Everything run history reveals programs executed, file paths accessed, and search queries. This helps identify tools used, files accessed, and can reveal execution of malicious tools or scripts.
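
Because the collector copies the file without parsing it, an analyst has to read Run History.csv directly. The Python script below is an added example, not part of the collector or of Everything; it assumes the columns Filename, Run Count and Last Run Date, with the date stored as a Windows FILETIME value, and both the sample rows and the user-writable path list are constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# Heuristic only (assumption): directories an unprivileged user can write to.
USER_WRITABLE = ("\\downloads\\", "\\appdata\\", "\\temp\\")

# Constructed sample; assumed layout: Filename, Run Count, Last Run Date (FILETIME).
SAMPLE = r'''Filename,Run Count,Last Run Date
"C:\Program Files\7-Zip\7zFM.exe",4,133500000000000000
"C:\Users\alice\Downloads\tool.exe",1,133500864000000000
"C:\Users\alice\Documents\report.docx",2,not-a-number
'''


def filetime_to_utc(value):
    """Convert 100 ns ticks since 1601-01-01 UTC into an aware datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=int(value) // 10)


def parse_run_history(text):
    """Return rows as dicts, most recent first; malformed rows are skipped."""
    rows = []
    for rec in csv.DictReader(io.StringIO(text.lstrip("\ufeff"))):
        try:
            rows.append({
                "path": rec["Filename"],
                "run_count": int(rec["Run Count"]),
                "last_run_utc": filetime_to_utc(rec["Last Run Date"]),
            })
        except (KeyError, TypeError, ValueError, OverflowError):
            continue  # truncated or hand-edited line
    return sorted(rows, key=lambda r: r["last_run_utc"], reverse=True)


def user_writable(rows):
    """Rows whose path sits under a user-writable directory, for review."""
    return [r for r in rows if any(d in r["path"].lower() for d in USER_WRITABLE)]


if __name__ == "__main__":
    for row in parse_run_history(SAMPLE):
        flag = "REVIEW" if user_writable([row]) else ""
        print(row["last_run_utc"].isoformat(), row["run_count"], row["path"], flag)
```

Sorting by the converted timestamp lets the entries be lined up against other execution artifacts in a timeline; the user-writable filter is a review aid, not a verdict.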
