Windows Forensic Artifacts: Unveiling Key Evidence

Pages Count

28 Pages

Links for the courses

Overview of the differences between various forensic artifacts:  Click Me

----------------------------------------------------------------------------------------------------

Windows Prefetch Files: A Tracking Program Execution Blog Link Click me

Prefetch Analysis with PECmd and WinPrefetchView Tool link  Click me

-----------------------------------------------------------------------------------------------------

Understanding ShellBags: A Goldmine in Investigations Blog Link Click Me

ShellBags Analysis ShellBags Explorer(SBE)/SBECmd Tool Link  Click Me

-----------------------------------------------------------------------------------------------------

Windows LNK Files: A Treasure Forensic Investigators Blog Link  Click Me

LECmd: A Powerful Tool for Investigating LNK Files Tool Link  Click Me

---------------------------------------------------------------------------------------------------------

Windows Taskbar Jump Lists: A Forensic Goldmine Blog Link Click Me

Mastering JLECmd for Windows Jump List Forensics Tool Link  Click Me

----------------------------------------------------------------------------------------------------------

Windows Recycle Bin Forensics: Recovering Deleted Files Blog Link  Click Me

Analyzing Recycle Bin Metadata with RBCmd and $I_Parse Tool Link   Click Me

---------------------------------------------------------------------------------------------------------

Shimcache    :   Blog Link Click me

Amcache.hve :   Tool link  Click me

---------------------------------------------------------------------------------------------------------

Hibernation Files :   Blog Link Click Me

-----------------------------------------------------------------------------------------------------


Artifacts File Opening/Creation P1 : Click Me

Artifacts File Opening/Creation P2 : Click Me

---------------------------------------------------------------------------

Artifacts file download P1 : Click Me

Artifacts file download P2 : Click Me

-------------------------------------------------------------------------------------------------------------

For a detailed investigation on USB, please refer to the link provided below.

https://www.cyberengage.org/courses-1/usb-forensics

-------------------------------------------------------------------------------------------------------------

Artifacts Program execution P1 :  Click Me

Artifacts Program execution P2 :  Click Me

--------------------------------------------------------------------------

Artifacts Deleted file Knowledge P1:   Click Me

Artifacts Deleted file Knowledge P2:    Click Me

---------------------------------------------------------------------------

 Artifacts for Account Usage :  Click Me

---------------------------------------------------------------------------

Artifacts for Physical Location : Click Me

---------------------------------------------------------------------------

Uncovering Autostart Locations Win. : Click Me

User Access Logging (UAL) Artifact : Click Me

Evidence of Execution (PCA) : Click Me

Your Instructor

Dean
