4n6
MRU (Most Recently Used)
The MRU (Most Recently Used) registry is a database in Microsoft Windows that stores information about recently opened files, URLs, and other items. …
Amcache.hve
Amcache.hve is a forensic artifact that can be used to uncover valuable information about a computer system, both in normal and malicious use cases. …
Registry- SYSTEM Select
Windows Registry SYSTEM Select Key Analysis: The Windows Registry is a hierarchical database that stores configuration information for the operating …
Registry- Start, Shutdown, and Reboot
Windows Registry: System Start, Shutdown, and Reboot Tracking. The Windows registry is a hierarchical database that stores configuration settings for …
ShimCache
ShimCache - Windows Application Compatibility Cache for Digital Forensics: Shimcache is a Windows artifact that stores information about programs that …
Windows OS Install Date & Time Registry Analysis
The Windows registry is a central repository of configuration data for the Windows operating system and its applications. One important aspect of the …
Ad Disabling Tailored Experience
Customizing Windows: Ad Disabling and Tailored Experience. In the realm of Windows customization, users often seek ways to tailor their experience to …
Enable Windows BSOD Detail
Introduction: By default, Windows displays a simple emoticon (smiley face) when a Blue Screen of Death (BSOD) occurs. However, if you prefer to see …
File and Folder Opening - Link Files (LNK)
Windows users are likely familiar with .lnk files, also known as LNK Link files. These files are shortcuts that point to another file or folder on the …
JumpList Forensics
JumpList Forensics: JumpList is a feature of Microsoft Windows operating systems that allows users to quickly access frequently used files, folders, …
MFT
MFT Analysis - Master File Table Forensics Guide: The $MFT, or Master File Table, plays a crucial role in the NTFS (New Technology File System) …
Prefetch
Windows Prefetch Analysis - Digital Forensics Execution Tracking: Windows Prefetch is a feature in the Windows operating system that was first …
Recycling.Bin / Recycler
The Recycling Bin is a well-known feature in Windows operating systems that acts as a temporary storage location for deleted files. However, what many …
Registry- UserAssist
UserAssist Registry Analysis - Windows Program Execution Tracking: UserAssist is a feature of the Windows operating system that keeps track of the …
SysInternals Tools Registry Forensics
SysInternals Tools - Registry Forensics and Analysis. What is SysInternals? SysInternals is a suite of advanced system utilities for Microsoft Windows …
TimeZone Information
The Windows registry is a critical component of the Windows operating system. It stores important configuration data and settings that help the …
TypedPath Registry
Registry Section of TypedPath: Understanding Its Importance in Digital Forensics. The registry is an important aspect of a computer’s operating …
Windows Border Size Modification
Exploring Windows Border Size Modification: Welcome to our exploration of a subtle yet impactful customization in the Windows operating system. Today, …
Windows Generic Installation Keys
SOURCE: https://www.windowsafg.com/keys.html This is just a copy of the data from the source windowsafg. I make a copy so that others can find it. …
Windows USB Connection Analysis
USB connections are a commonly used method for transferring data between computers and other electronic devices. In Windows, the use of USB …
WMI Filter Query Consumer
Windows Management Instrumentation (WMI) is a Microsoft technology that provides a unified way of managing Windows operating systems and applications. …
WordWheelQuery
The Registry Section of WordWheelQuery: An Overview for Digital Forensic Investigators. The WordWheelQuery registry section is a critical component for …