845
Artifacts
Windows maintains connection history of wired and wireless network connections. Registry information here: https://www.dfir.training/resources/downloads/windows-registry
Open/saveMRU Hot
854
Artifacts
Tracks files that have been opened or saved within a Windows shell dialog box. ...
Prefetch Hot
1839
Artifacts
Prefetch files, like any other file in a file system, can be viewed from a digital forensic perspective to...
Recent apps Hot
1028
"Program execution launched on a Win10 system is tracked in the RecentApps key" - https://www.andreafortuna.org/2018/05/23/forensic-artifacts-evidences-of-program-execution-on-windows-systems/ ...
Recycle Bin Hot
914
Artifacts
The Windows Recycle Bin contains files that have been deleted by the user, but not yet purged from...
runMRU Hot
824
Artifacts
"The MRU in MRU lists stands for "Most Recently Used." The MRU list is a Windows-based application that...
621
Artifacts
pstirparo/mac4n6 https://github.com/pstirparo/mac4n6 mac4n6 https://www.mac4n6.com/...
1638
Artifacts
"The Microsoft Windows 8 operating system has a newly added feature to track system resource usage, specifically process and...
Ultimate Registry Forensics Cheat Sheet FeaturedHot
1558
Artifacts
HUGE collection of registry artifacts related to forensics!
Unified Logs Hot
1300
Artifacts
The new Unified Logging and Tracing System for iOS and macOS uses Activity Tracing for performance, consolidates kernel and...
Userassist Hot
1135
Windows contains a number of registry entries under UserAssist that allows investigators to see what programs were recently...
1050
Artifacts
"Timeline is like a browser history, but for your whole computer; it provides a chronology which not only contains...
Partners & Sponsors
