4N6Post Artifacts

Comprehensive digital forensics articles covering Windows forensics, registry analysis, MFT analysis, artifact examination, and DFIR techniques.

MRU (Most Recently Used)

Comprehensive guide to MRU (Most Recently Used) registry forensics for tracking user activity. Learn registry locations, forensic analysis techniques, and how to investigate recent file access patterns.

  • 4n6
  • digital forensics
  • windows forensics

Amcache.hve

Complete guide to Amcache.hve forensic analysis for tracking application execution. Learn file locations, registry keys, AmcacheParser tool usage, and DFIR investigation techniques.

  • registry
  • 4n6
  • digital forensics

ShellBags Registry

Comprehensive guide to ShellBags forensic analysis in Windows Registry. Learn folder access tracking, ShellBags Explorer tool usage, external device detection, and DFIR investigation techniques.

  • forensics
  • registry
  • shellbags

KAPE to SOF-ELK

Step-by-step guide for uploading forensic evidence to SOF-ELK using KAPE. Covers advanced MFT, EVTX, and timeline analysis for incident response and digital forensics investigations.

  • SOF-ELK
  • KAPE
  • Digital Forensics

Registry- SYSTEM Select

Detailed guide to Windows Registry SYSTEM Select key forensic analysis. Learn Current, Default, Failed, and LastKnownGood ControlSet tracking for DFIR investigations and system troubleshooting.

  • 4n6
  • digital forensics
  • windows registry

Registry- Start, Shutdown, and Reboot

Complete guide to Windows registry forensics for tracking system start, shutdown, and reboot events. Learn ShutdownCount, LastBootUpTime registry keys, and DFIR timeline analysis techniques.

  • 4n6
  • digital forensics
  • windows forensics

ShimCache

Complete guide to ShimCache (Application Compatibility Cache) forensic analysis. Learn AppCompatCache registry parsing, execution tracking, AppCompatCacheParser usage, and DFIR investigation techniques.

  • 4n6
  • digital forensics
  • windows forensics

Windows OS Install Date & Time Registry Analysis

Complete guide to Windows OS install date and time forensic analysis via registry. Learn InstallDate and InstallTime registry keys, conversion techniques, and timeline establishment for DFIR investigations.

  • 4n6
  • digital forensics
  • windows forensics

Ad Disabling Tailored Experience

Guide to disabling ads and controlling tailored experience in Windows via registry tweaks. Learn forensic implications, privacy settings, and how to optimize Windows forensics investigations.

  • registry
  • 4n6
  • digital forensics

Enable Windows BSOD Detail

Step-by-step guide to enabling detailed Blue Screen of Death (BSOD) information in Windows through registry modifications. Essential for forensic analysis, troubleshooting, and crash investigation.

  • registry
  • 4n6
  • digital forensics

File and Folder Opening - Link Files (LNK)

Complete guide to LNK file forensic analysis for tracking file access and user activity. Learn LNK file structure, LECmd tool usage, malware detection, and DFIR investigation techniques.

  • 4n6
  • digital forensics
  • windows forensics

JumpList Forensics

Comprehensive guide to JumpList forensic analysis for tracking user activity and recent files. Learn AutomaticDestinations, CustomDestinations, JLECmd usage, and DFIR investigation techniques.

  • 4n6
  • digital forensics
  • windows forensics

MFT

Complete guide to NTFS Master File Table (MFT) analysis for digital forensics. Learn MFT structure, forensic artifacts, timeline analysis, and tools like MFTECmd for DFIR investigations.

  • 4n6
  • digital forensics
  • windows forensics

Prefetch

Complete guide to Windows Prefetch forensics for tracking application execution. Learn prefetch structure, forensic analysis techniques, PECmd usage, and DFIR investigation methods.

  • 4n6
  • digital forensics
  • windows forensics

Recycling.Bin / Recycler

In-depth guide to Windows Recycling Bin forensic analysis. Learn $I and $R file structures, MFT connections, RBCmd tool usage, file recovery techniques, and DFIR investigation methods.

  • 4n6
  • digital forensics
  • windows forensics

Registry- RunMRU

Complete guide to RunMRU registry forensic analysis for tracking command execution history. Learn Run dialog artifacts, malware detection techniques, and DFIR investigation methods for Windows forensics.

  • forensics
  • windows
  • registry

Registry- UserAssist

Complete guide to UserAssist registry analysis for digital forensics. Learn how Windows tracks program execution, forensic artifacts, and DFIR investigation techniques for UserAssist entries.

  • UserAssist
  • Explorer UserAssist
  • NTUSER.DAT

SysInternals Tools Registry Forensics

Comprehensive guide to SysInternals tools for Windows forensics. Learn registry artifacts, forensic analysis techniques, and DFIR investigation methods for tracking SysInternals tool usage.

  • 4n6
  • digital forensics
  • windows forensics

TimeZone Information

Complete guide to TimeZoneInformation registry forensic analysis. Learn timezone tracking, UTC calculations, daylight saving time detection, and timestamp normalization for DFIR investigations.

  • 4n6
  • digital forensics
  • windows forensics

TypedPath Registry

Comprehensive guide to TypedPaths registry forensic analysis for tracking user navigation history. Learn Explorer address bar artifacts, path tracking, and DFIR investigation techniques for Windows forensics.

  • 4n6
  • digital forensics
  • windows forensics

Windows Border Size Modification

Guide to Windows border size modification through registry analysis. Learn WindowMetrics registry keys, user customization tracking, and forensic investigation techniques for visual preference artifacts.

  • 4n6
  • digital forensics
  • windows forensics

Windows Generic Installation Keys

Complete reference guide to Windows generic installation keys (GVLKs) for KMS activation. Essential resource for forensic analysis of Windows licensing, deployment validation, and DFIR investigations.

  • 4n6
  • digital forensics
  • windows forensics

Windows USB Connection Analysis

Comprehensive guide to Windows USB forensic analysis. Learn USBSTOR registry, setupapi.dev.log parsing, MountedDevices tracking, and external device investigation for DFIR.

  • 4n6
  • digital forensics
  • windows forensics

WMI Filter Query Consumer

Complete guide to WMI forensic analysis for detecting malicious persistence. Learn WMI event filters, consumers, bindings, Objects.data parsing, and DFIR investigation techniques for Windows forensics.

  • 4n6
  • digital forensics
  • windows forensics

WordWheelQuery

Comprehensive guide to WordWheelQuery registry forensic analysis for tracking Windows search history. Learn search term extraction, user intent analysis, and DFIR investigation techniques.

  • 4n6
  • digital forensics
  • windows forensics