±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 36595
New Yesterday: 0 Visitors: 138

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

windows event : microsoft-windows-diagnosis-dps and registry

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

qassam22222
Senior Member
 

windows event : microsoft-windows-diagnosis-dps and registry

Post Posted: Jun 28, 19 23:20

hello all ...
i work on case in a windows 7 machine when i try to find the pluged USB's to that PC ... i found a lot of them conncted at the same time exactly and this is impossible ... so i convert my image to log timeline :




the before last event before windows start update registry key's is :
[105 / 0x0069] Source Name: Microsoft-Windows-Diagnosis-DPS Strings: ['{180B3A99-8C39-4F12-B631-2031998EFE45}' '{34A44436-A960-49FF-B6AD-724E6983349C}' '{00000000-0000-0000-0000-000000000000}' '%windir%\system32\radardt.dll' '{45DE1EA9-10BC-4F96-9B21-4B6B83DBF476}'] Computer Name: XXXXXXXX Record Number: 103782 Event Level: 4


when i search about Microsoft-Windows-Diagnosis-DPS i found this :

Description : Diagnostic module %5 (%4) started troubleshooting scenario %1, instance %2, original activity ID %3.

Cause :
This event is logged when diagnostic module started troubleshooting scenario.
Resolution :
This is a normal condition. No further action is required.

source : kb.eventtracker.com/ev..._61660.asp
and then it follows by this event before modifying registry keys ..
[21024 / 0x5220] Source Name: OpsMgr Connector Strings: ['PMOSCOM' 'bb3e246a60ea42e78ed5604a41dde836 926e39ad130e4459b5ff88bf961a27fa:00001A66'] Computer Name: XXXXXX Record Number: 163705 Event Level: 4

when i read about event id 21024 i found this info :

Event Type: Information
Event Source: OpsMgr Connector
Event Category: None
Event ID: 21024

Description:
OpsMgr's configuration may be out-of-date for management group RON, and has
requested updated configuration from the Configuration Service. The
current(out-of-date) state cookie is "4E DC AB E6 FC F2 95 CE CF 02 D3 DE 6D
1E F7 3B 20 7D 22 F5 "

source :https://microsoft.public.opsmgr.setup.narkive.com/DtC9VIJ3/opsmgr-2007-installation-issue-event-id-21024

check the screenshot :


so can anyone explain what happens there !!  
 

Page 1 of 1