Incident Response with EZTools - WxTCmd
WxTCmd is bundled with EZTools. This tool is a Windows 10 timeline database parser.
Windows 10 Timeline is a feature in Windows 10 that displays user activity and makes it possible to quickly return to previous documents, programs, videos, images, and websites.
From an incident response perspective, we may want to gather or recover evidence of an activity that happened inside our suspected endpoint before behaving in such odd behavior.