Tag: Digital Forensics

4n6Post Artifact, CTF Write ups and AI Tools

4N6Post Artifacts

Registry - SAM

SAM Database - Windows Security Account Manager Security Account Manager (SAM) database in short, is the critical components of Windows security …

MACB Timestamp Reference

MACB Forensic Timestamp Reference I put together a nice little post here detailing the behavior of MACB timestamps (Modified, Accessed, Changed, …

MRU (Most Recently Used)

The MRU (Most Recently Used) registry is a database in Microsoft Windows that stores information about recently opened files, URLs, and other items. …

Amcache.hve

Amcache.hve is a forensic artifact that can be used to uncover valuable information about a computer system, both in normal and malicious use cases. …

Velociraptor - Endpoint Visibility & Digital Forensics

Velociraptor is a web-based tool designed for endpoint visibility and management. It provides a user-friendly interface for monitoring and managing …

ShellBags Registry

Understanding ShellBags in the Windows Registry: A Deep Dive As my other posts likely portrais. The Windows operating system is a treasure of love and …

KAPE to SOF-ELK

Resources and Help SOF-ELK from GitHub or VM from FOR572 Kroll - KAPE Direct Download SOF-ELK KAPE Support YouTube Video Guide by SystemForensics …

Registry- SYSTEM Select

Windows Registry SYSTEM Select Key Analysis The Windows Registry is a hierarchical database that stores configuration information for the operating …

Registry- Start, Shutdown, and Reboot

Windows Registry: System Start, Shutdown, and Reboot Tracking The Windows registry is a hierarchical database that stores configuration settings for …

ShimCache

ShimCache - Windows Application Compatibility Cache for Digital Forensics Shimcache is a Windows artifact that stores information about programs that …

Windows Install Date & Time

The Windows registry is a central repository of configuration data for the Windows operating system and its applications. One important aspect of the …

Ad Disabling Tailored Experience

Customizing Windows: Ad Disabling and Tailored Experience In the realm of Windows customization, users often seek ways to tailor their experience to …

Enable Windows BSOD Detail

Introduction By default, Windows displays a simple emoticon (smiley face) when a Blue Screen of Death (BSOD) occurs. However, if you prefer to see …

File and Folder Opening - Link Files (LNK)

Windows users are likely familiar with .lnk files, also known as LNK Link files. These files are shortcuts that point to another file or folder on the …

JumpList Forensics

JumpList Forensics JumpList is a feature of Microsoft Windows operating systems that allows users to quickly access frequently used files, folders, …

MFT

MFT Analysis - Master File Table Forensics Guide The $MFT, or Master File Table, plays a crucial role in the NTFS (New Technology File System) …

Prefetch

Windows Prefetch Analysis - Digital Forensics Execution Tracking Windows Prefetch is a feature in the Windows operating system that was first …

Recycling.Bin / Recycler

The Recycling Bin is a well-known feature in Windows operating systems that acts as a temporary storage location for deleted files. However, what many …

Registry- RunMRU

Understanding the RunMRU Registry: Security Implications and Forensic Value The RunMRU (Most Recently Used) registry is a key component of the …

SysInternals Tools Registry Forensics

SysInternals Tools - Registry Forensics and Analysis What is SysInternals? SysInternals is a suite of advanced system utilities for Microsoft Windows …

TimeZone Information

The Windows registry is a critical component of the Windows operating system. It stores important configuration data and settings that help the …

TypedPath Registry

Registry Section of TypedPath: Understanding Its Importance in Digital Forensics The registry is an important aspect of a computer’s operating …

Windows Border Size Modification

Exploring Windows Border Size Modification Welcome to our exploration of a subtle yet impactful customization in the Windows operating system. Today, …

Windows Generic Installation Keys

SOURCE: https://www.windowsafg.com/keys.html This is just a copy of the data from the source windowafg. I make a copy so that others can find it. …

Windows USB Connection Analysis

USB connections are a commonly used method for transferring data between computers and other electronic devices. In Windows, the use of USB …

WMI Filter Query Consumer

Windows Management Instrumentation (WMI) is a Microsoft technology that provides a unified way of managing Windows operating systems and applications. …

WordWheelQuery

The Registry Section of WordWheelQuery: An Overview for Digital Forensic Investigators The WordWheelQuery registry section is a critical component for …