DG Wingman is a free community Windows tool that helps collect the forensic evidence needed to properly investigate and scope an intrusion. This utility enables you to extract and analyze artifacts of interest such as:
Master File Table ($MFT)
Windows Event Logs
And many more
You also have the option to execute custom commands as SYSTEM, or to run a full scan of the endpoint and collect metadata, such as hashes, certificates, and more, from portable executable files.