Parse and analyze BAM (Background Activity Moderator) data for timestamps, usn modifications and unsigned/flagged files with yara rules.
Analyze Windows Prefetch files for unsigned, flagged files using yara and timestamps for execution.
Track and analyze Program Compatibility Assistant Service executions and flag unsigned files, and flagged files using yara rules.
Analyze AppInfo and Diagtrack for flagged files with yara rules, all in instance.