Winrar History

Overview

Evidence: WinRAR History Description: Enumerate WinRAR History Category: Applications Platform: windows Short Name: wnrrhst Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No

Background

WinRAR registry values track archived, extracted, opened archives and last folders. This data is essential for understanding archive usage and potential data exfiltration.

Data Collected

This collector gathers structured data about winrar history.

Collection Method

This collector enumerates WinRAR-related registry keys under HKLM/HKU per SID, across views, recording values and key last write times into WinRAR sections.

Forensic Value

This evidence is crucial for forensic investigations as it reveals user interactions with archives, including paths and timelines.

PreviousWindows Timeline NextWireless Connection History

Last updated 3 days ago

Was this helpful?