Forensic Artifacts

Windows maintains connection history of wired and wireless network connections. Registry information here: https://www.dfir.training/resources/downloads/windows-registry

Tracks files that have been opened or saved within a Windows shell dialog box. ...

Prefetch files, like any other file in a file system, can be viewed from a digital forensic perspective to...

"Program execution launched on a Win10 system is tracked in the RecentApps key" - https://www.andreafortuna.org/2018/05/23/forensic-artifacts-evidences-of-program-execution-on-windows-systems/ ...

The Windows Recycle Bin contains files that have been deleted by the user, but not yet purged from...

"The MRU in MRU lists stands for "Most Recently Used." The MRU list is a Windows-based application that...

pstirparo/mac4n6 https://github.com/pstirparo/mac4n6 mac4n6 https://www.mac4n6.com/...

Safari cache URL response

"The Microsoft Windows 8 operating system has a newly added feature to track system resource usage, specifically process and...

Time zone information

Windows contains a number of registry entries under UserAssist that allows investigators to see what programs were recently...

"Timeline is like a browser history, but for your whole computer; it provides a chronology which not only contains...