Windows Registry Forensics 2025: https://www.cybertriage.com/blog/windows-registry-forensics-2025/

#WindowsRegistry #WindowsForensics

NTUSER.DAT Forensics Analysis 2025: https://www.cybertriage.com/blog/ntuser-dat-forensics-analysis-2025/

#WindowsForensics

Windows Registry Forensics Cheat Sheet 2025: https://www.cybertriage.com/blog/windows-registry-forensics-cheat-sheet-2025/

#WindowsRegistry #WindowsForensics #cheatsheet

Windows Event Log Forensics: Techniques, Tools, and Use Cases: https://belkasoft.com/windows-event-log-forensics

#windowseventlogs #WindowsForensics

Network Analysis via PowerShell: https://medium.com/@iramjack8/network-analysis-via-powershell-4f1a7460a19b

#networkforensics #WindowsForensics #powershell #digitalforensics

ShimCache vs AmCache: Key Windows Forensic Artifacts: https://www.magnetforensics.com/blog/shimcache-vs-amcache-key-windows-forensic-artifacts/

#digitalforensics #WindowsForensics #shimcache #amcache

Remote Desktop Application vs MSTSC Forensics: The RDP Artifacts You Might Be Missing: https://www.zerofox.com/blog/remote-desktop-application-vs-mstsc-forensics-the-rdp-artifacts-you-might-be-missing/

#rdp #WindowsForensics

Introduction to the Windows Registry and its forensic analysis on a Kali Linux workstation using RegRipper, an open source tool specifically designed to extract forensic artifacts from the Registry.
*
Watch the video on YouTube and subscribe to the channel 👇
https://youtu.be/twwrQFugaOM
*
*
*
#windows #windowsregistry #windowsforensics #digitalforensics #computerforensics #regripper #kalilinux

Handbook of windows forensic artifacts across multiple Windows version with interpretation tips with some examples: https://github.com/Psmths/windows-forensic-artifacts

#WindowsForensics

Windows Forensics Process from BelCyber.

1. Gathering Volatile Information: https://belcyber.medium.com/windows-forensic-investigation-dd2c0f2d3170

2. Collecting Non-volatile Information: https://belcyber.medium.com/windows-forensic-investigation-2-collecting-non-volatile-information-8dc88d6fb903

3. Memory Analysis: https://belcyber.medium.com/windows-forensic-investigation-3-memory-analysis-e1169b5a842f

4. Registry Analysis: https://belcyber.medium.com/windows-forensic-investigation-4-registry-analysis-3d61a10b463f

5. Cache, Cookies, and History Analysis: https://belcyber.medium.com/examine-the-cache-cookies-and-history-recorded-in-web-browsers-670db69bbef7

6. Windows File Analysis & 7. Metadata Investigation: https://belcyber.medium.com/windows-forensics-examine-windows-files-and-metadata-f8c3c43ea05a

8. Event Logs Analysis: https://belcyber.medium.com/windows-forensics-event-logs-analysis-e21b08cf1c05

#WindowsForensics #dfir

CLI tools for forensic investigation of Windows artifacts: https://github.com/dfir-dd/dfir-toolkit

#dfir #WindowsForensics

RT @TCMSecurity@twitter.com

If you've been looking to learn more about Windows Forensics, the new Practical Windows Forensics course on TCM Academy is a great introduction course to get you started.

Learn more here: https://academy.tcm-sec.com/p/practical-windows-forensics

#forensics #windows #microsoft #windowsforensics #cybersecurity

🐦🔗: https://twitter.com/TCMSecurity/status/1545090348803825665