Windows Forensic Artifacts: Unveiling Key Evidence

Pages Count

28 Pages

Links for the courses

Overview of the differences between various forensic artifacts:  Click Me

----------------------------------------------------------------------------------------------------

Windows Prefetch : Blog Link Click me

Directory Analysis :   Tool Link  Click Me

-----------------------------------------------------------------------------

Hibernation Files :   Blog Link Click Me

-----------------------------------------------------------------------------

Shell Bags          :   Blog Link Click Me

SBECmd.exe     :   Tool Link  Click Me

----------------------------------------------------------------------------

Lnk Files            :   Blog Link  Click Me

LECmd.exe       : Tool Link  Click Me

---------------------------------------------------------------------------

Artifacts File Opening/Creation P1 : Click Me

Artifacts File Opening/Creation P2 : Click Me

---------------------------------------------------------------------------

Artifacts file download P1 : Click Me

Artifacts file download P2 : Click Me

---------------------------------------------------------------------------

Artifacts for USB or Drive Usage P1 :  Click Me

Artifacts for USB or Drive Usage P2 : Click Me

---------------------------------------------------------------------------

Shimcache    :   Blog Link Click me

Amcache.hiv :   Tool link  Click me 

---------------------------------------------------------------------------

Jump list Files  : Blog Link Click Me

JLECmd.exe     : Tool Link  Click Me

---------------------------------------------------------------------------

Recycle Bin       : Blog Link  Click Me

Forensic            : Tool Link   Click Me

--------------------------------------------------------------------------

Artifacts Program execution P1 :  Click Me

Artifacts Program execution P2 :  Click Me

--------------------------------------------------------------------------

Artifacts Deleted file Knowledge P1:   Click Me

Artifacts Deleted file Knowledge P2:    Click Me

---------------------------------------------------------------------------

Artifacts for Account Usage :  Click Me

---------------------------------------------------------------------------

Artifacts for Physical Location : Click Me

---------------------------------------------------------------------------

Uncovering Autostart Locations Win. : Click Me

User Access Logging (UAL) Artifact   : Click Me  

Evidence of Execution: (PCA)           : Click Me

Your Instructor

Dean
