List of Windows Forensic Artifacts

This is community collaborated consolidated list of Microsoft Windows Forensic Artifacts. Feel free to comment below to add more forensic artifacts related to Microsoft Windows.

For list of Linux Forensic Artifacts go to List of Linux Forensic Artifacts. And for list of Mac Forensic Artifacts go to List of Mac Forensic Artifacts. For list of Android Forensic Artifacts go to List of Android Forensic Artifacts. For list of iOS Forensic Artifacts go to List of iOS Forensic Artifacts

System Artifacts

  • AmCache
  • Event Logs
  • Jump Lists
  • Most Recently Used (MRU)
  • PageFile
  • Prefetch files
  • Shell Bags
  • ShimCache
  • SuperFetch
  • Windows Registry

User Artifacts

Applications Artifacts

  • Google Chrome
  • Filezilla
  • Mozilla Firefox
  • Skype