Forensically Important Artifacts in Windows Operating Systems

Windows is the most commonly examined operating system in the field of digital/host forensics. With versions ranging from Windows XP to Windows 10, Windows systems store different types of evidence related to user activity on the computer. Most forensic investigations revolve around “traditional areas” (user-created, user-protected data) such as active and deleted files, password-protected or encrypted files, etc., but not around “non-traditional areas” (system-created data/artifacts). This write-up covers some of the areas that are often ignored or overlooked by several forensic examiners while working on digital evidence.


To explore the full article, please open the attached PDF.


Authored By Bhanu Prakash Kondapally
TCS Enterprise Security And Risk Management.

