Windows Error Reporting Files

Overview

Evidence: Windows Error Reporting Files Description: Collect WER Files Category: System Platform: windows Short Name: wrrfls Is Parsed: No Sent to Investigation Hub: No Collect File(s): Yes

Background

Windows Error Reporting (WER) files contain crash reports and error diagnostics from applications and system components. These files are stored when an application crashes or encounters an error, providing detailed information about the failure.

Data Collected

This collector gathers structured data about windows error reporting files.

Collection Method

This collector gathers WER files from the ReportArchive directory, which contains archived error reports with crash dumps and diagnostic information.

Forensic Value

WER files are valuable for identifying application crashes, system instability, and potential exploitation attempts. They can reveal malicious software behavior, vulnerable application versions, and system compromise indicators.

PreviousWindows Defender Logs NextWindows Index Search

Last updated 16 days ago

Was this helpful?