Windows Forensic Artifacts

Forensically Important Artifacts in Windows Operating systems

Windows is the most commonly examined operating system in the field of digital/host forensics. With versions ranging from Windows XP to Windows 10, Windows systems store different types of evidence related to user activity on the computer. Most forensic investigations revolve around “traditional areas” (user-created, user-protected data) such as active and deleted files, password-protected/encrypted files, etc., but not around “non-traditional areas” (system-created data/artifacts). This write-up covers some of the areas that are often ignored or overlooked by several forensic examiners while working on digital evidence.


To explore the full article, please open the attached PDF.


Authored By Bhanu Prakash Kondapally
TCS Enterprise Security And Risk Management.

Windows Secrets - Registry

When we install software, how many of us click the ‘NEXT’ button without a glance? Similarly, how many computer games have we cracked, enjoying our victory without even knowing what we really did to achieve it? (Google really can help us with everything, can’t it?) In our little mischief, there is a small two-step process of opening the registry and editing a few of its values that we generally tend to overlook.
The Windows Registry is the database that holds information about both the hardware and the software of the system. Every time we install or uninstall software, or connect or disconnect a hardware device, the Windows Registry is altered. It is in constant use, and your system cannot function without the information stored in it. The registry comprises hidden hives, which can be opened using specific tools. The Registry Editor, “REGEDIT”, is a default feature used to display some of these hives in a readable format.

PC for sale? Don’t leave a trail!

Ever since the World Wide Web dropped into our lives in 1991, rapid growth has taken place in the personal, professional, and CRIMINAL use of computers and digital devices. In our current society, interaction with electronic devices is inevitable. Most of us interact with them hundreds, or maybe thousands, of times a day. And most of these devices are “smart” enough to retain information about who you are and where you were when you interacted. In essence, the article discusses the ‘footprints’ that these smart devices leave.
