Windows evidence types

The following categories contain descriptions of the types of evidence that the Incident Response Evidence Collection playbook, Collect Evidence task, and Trend Micro Incident Response Toolkit collect from Windows endpoints. These evidence types appear in columns after selecting an evidence category when examining an Evidence Report.

• Basic Information
• File Timeline
• Process Information
• Service Information
• System Execution Information
• Portable Executable (PE) File Attributes

  Note Multiple evidence categories can incorporate PE file attributes.