425
Artifacts
Windows maintains connection history of wired and wireless network connections. Registry information here: https://www.dfir.training/resources/downloads/windows-registry
Open/saveMRU Hot
458
Artifacts
Tracks files that have been opened or saved within a Windows shell dialog box. ...
Prefetch Hot
1011
Artifacts
Prefetch files, like any other file in a file system, can be viewed from a digital forensic perspective to...
Recent apps Hot
652
"Program execution launched on a Win10 system is tracked in the RecentApps key" - https://www.andreafortuna.org/2018/05/23/forensic-artifacts-evidences-of-program-execution-on-windows-systems/ ...
Recycle Bin Hot
538
Artifacts
The Windows Recycle Bin contains files that have been deleted by the user, but not yet purged from...
runMRU Hot
480
Artifacts
"The MRU in MRU lists stands for "Most Recently Used." The MRU list is a Windows-based application that...
390
Artifacts
pstirparo/mac4n6 https://github.com/pstirparo/mac4n6 mac4n6 https://www.mac4n6.com/...
772
Artifacts
"The Microsoft Windows 8 operating system has a newly added feature to track system resource usage, specifically process and...
Ultimate Registry Forensics Cheat Sheet FeaturedHot
753
Artifacts
HUGE collection of registry artifacts related to forensics!
Unified Logs Hot
587
Artifacts
The new Unified Logging and Tracing System for iOS and macOS uses Activity Tracing for performance, consolidates kernel and...
Userassist Hot
536
Windows contains a number of registry entries under UserAssist that allows investigators to see what programs were recently...
572
Artifacts
"Timeline is like a browser history, but for your whole computer; it provides a chronology which not only contains...
Partners & Sponsors
