4N6Post Artifacts
Comprehensive digital forensics articles covering Windows forensics, registry analysis, MFT analysis, artifact examination, and DFIR techniques.

Registry - SAM
In-depth guide to Security Account Manager (SAM) database forensics. Learn password hash extraction, account analysis, authentication forensics, and SAM parsing techniques for DFIR investigations. Explore tools, methods, and best practices for handling SAM data in Windows systems.

MRU (Most Recently Used)
Comprehensive guide to MRU (Most Recently Used) registry forensics for tracking user activity. Learn registry locations, forensic analysis techniques, and how to investigate recent file access patterns.

Amcache.hve
Complete guide to Amcache.hve forensic analysis for tracking application execution. Learn file locations, registry keys, AmcacheParser tool usage, and DFIR investigation techniques.

ShellBags Registry
Comprehensive guide to ShellBags forensic analysis in Windows Registry. Learn folder access tracking, ShellBags Explorer tool usage, external device detection, and DFIR investigation techniques.

KAPE to SOF-ELK
Step-by-step guide for uploading forensic evidence to SOF-ELK using KAPE. Covers advanced MFT, EVTX, and timeline analysis for incident response and digital forensics investigations.

Registry - SYSTEM Select
Detailed guide to Windows Registry SYSTEM Select key forensic analysis. Learn Current, Default, Failed, and LastKnownGood ControlSet tracking for DFIR investigations and system troubleshooting.

Registry - Start, Shutdown, and Reboot
Complete guide to Windows registry forensics for tracking system start, shutdown, and reboot events. Learn ShutdownCount, LastBootUpTime registry keys, and DFIR timeline analysis techniques.

ShimCache
Complete guide to ShimCache (Application Compatibility Cache) forensic analysis. Learn AppCompatCache registry parsing, execution tracking, AppCompatCacheParser usage, and DFIR investigation techniques.

Windows Install Date & Time
Complete guide to Windows OS install date and time forensic analysis via registry. Learn InstallDate and InstallTime registry keys, conversion techniques, and timeline establishment for DFIR investigations.

Ad Disabling Tailored Experience
Guide to disabling ads and controlling tailored experience in Windows via registry tweaks. Learn forensic implications, privacy settings, and how to optimize Windows forensics investigations.

Enable Windows BSOD Detail
Step-by-step guide to enabling detailed Blue Screen of Death (BSOD) information in Windows through registry modifications. Essential for forensic analysis, troubleshooting, and crash investigation.

File and Folder Opening - Link Files (LNK)
Complete guide to LNK file forensic analysis for tracking file access and user activity. Learn LNK file structure, LECmd tool usage, malware detection, and DFIR investigation techniques.

JumpList Forensics
Comprehensive guide to JumpList forensic analysis for tracking user activity and recent files. Learn AutomaticDestinations, CustomDestinations, JLECmd usage, and DFIR investigation techniques.

MFT
Complete guide to NTFS Master File Table (MFT) analysis for digital forensics. Learn MFT structure, forensic artifacts, timeline analysis, and tools like MFTECmd for DFIR investigations.

Prefetch
Complete guide to Windows Prefetch forensics for tracking application execution. Learn prefetch structure, forensic analysis techniques, PECmd usage, and DFIR investigation methods.

Recycling.Bin / Recycler
In-depth guide to Windows Recycle Bin forensic analysis. Learn $I and $R file structures, MFT connections, RBCmd tool usage, file recovery techniques, and DFIR investigation methods.

Registry - RunMRU
Complete guide to RunMRU registry forensic analysis for tracking command execution history. Learn Run dialog artifacts, malware detection techniques, and DFIR investigation methods for Windows forensics.

Registry - UserAssist
Complete guide to UserAssist registry analysis for digital forensics. Learn how Windows tracks program execution, forensic artifacts, and DFIR investigation techniques for UserAssist entries.

SysInternals Tools Registry Forensics
Comprehensive guide to SysInternals tools for Windows forensics. Learn registry artifacts, forensic analysis techniques, and DFIR investigation methods for tracking SysInternals tool usage.

TimeZone Information
Complete guide to TimeZoneInformation registry forensic analysis. Learn timezone tracking, UTC calculations, daylight saving time detection, and timestamp normalization for DFIR investigations.

TypedPath Registry
Comprehensive guide to TypedPaths registry forensic analysis for tracking user navigation history. Learn Explorer address bar artifacts, path tracking, and DFIR investigation techniques for Windows forensics.

Windows Border Size Modification
Guide to Windows border size modification through registry analysis. Learn WindowMetrics registry keys, user customization tracking, and forensic investigation techniques for visual preference artifacts.

Windows Generic Installation Keys
Complete reference guide to Windows generic installation keys (GVLKs) for KMS activation. Essential resource for forensic analysis of Windows licensing, deployment validation, and DFIR investigations.

Windows USB Connection Analysis
Comprehensive guide to Windows USB forensic analysis. Learn USBSTOR registry, setupapi.dev.log parsing, MountedDevices tracking, and external device investigation for DFIR.

WMI Filter Query Consumer
Complete guide to WMI forensic analysis for detecting malicious persistence. Learn WMI event filters, consumers, bindings, Objects.data parsing, and DFIR investigation techniques for Windows forensics.

WordWheelQuery
Comprehensive guide to WordWheelQuery registry forensic analysis for tracking Windows search history. Learn search term extraction, user intent analysis, and DFIR investigation techniques.

