Everything History
Overview
Section titled “Overview”Evidence: Everything History
Description: Collect Everything Run History
Category: Applications
Platform: windows
Short Name: evryh
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
Section titled “Background”Everything is a popular file search tool that maintains a history of executed files and applications in Run History.csv. This file tracks programs launched through Everything’s interface.
Data Collected
Section titled “Data Collected”This collector gathers structured data about everything history.
Collection Method
Section titled “Collection Method”This collector gathers the Run History.csv file from Everything’s application data directories containing execution history.
Forensic Value
Section titled “Forensic Value”Everything run history reveals programs executed, file paths accessed, and search queries. This helps identify tools used, files accessed, and can reveal execution of malicious tools or scripts.