TechNaduDec 10

FortiGuard IR researchers have highlighted unexpected forensic value in the AutoLogger-Diagtrack-Listener.etl file on modern Windows systems.

Despite low exploitation severity, the artefact has shown the ability to preserve historical process-execution data, including deleted binaries and command-line traces — helpful in ransomware investigations.

What’s your view on ETW-based artefacts in DFIR workflows?

Source: https://www.fortinet.com/blog/threat-research/uncovering-hidden-forensic-evidence-in-windows-mystery-of-autologger

Share your insights and follow us for more clear, unbiased analysis.

#InfoSec #DFIR #ThreatIntel #WindowsForensics #ETW #Telemetry #CyberSecurity #IncidentResponse #SecurityResearch #ThreatAnalysis

Pen Test PartnersJul 31, 2025

Deleted a folder? Shellbags is the accessory you need...

They’re one of the most valuable forensic artifacts for tracing user activity in Windows, even if the folders are gone.

This blog post by our Joseph Williams walks through how Shellbags work, how to analyse them with tools like ShellBags Explorer, and what they reveal about user navigation through local, external, and network locations.

If you're in DFIR, this is one artifact you don't want to miss.

📌 Read the blog: https://www.pentestpartners.com/security-blog/dfir-tools-and-techniques-for-tracing-user-footprints-through-shellbags/

#DFIR #DigitalForensics #WindowsForensics #IncidentResponse #Shellbags #CyberSecurity #ForensicAnalysis

Tedi HeriyantoJul 13, 2025

Windows Registry Forensics 2025: https://www.cybertriage.com/blog/windows-registry-forensics-2025/

#WindowsRegistry #WindowsForensics

Windows Registry Forensics 2025

Key insights for your investigation found in one place! An overview into Windows Registry Forensics and how to leverage data for your investigations. Jump

Cyber Triage
Tedi HeriyantoJun 27, 2025

NTUSER.DAT Forensics Analysis 2025: https://www.cybertriage.com/blog/ntuser-dat-forensics-analysis-2025/

#WindowsForensics

NTUSER.DAT Forensics Analysis 2025

Everything you need to know about NTUSER.DAT forensics in one place. This article by DFIR expert Chris Ray explains what NTUser.dat is, its forensic

Cyber Triage
Tedi HeriyantoJun 11, 2025

Windows Registry Forensics Cheat Sheet 2025: https://www.cybertriage.com/blog/windows-registry-forensics-cheat-sheet-2025/

#WindowsRegistry #WindowsForensics #cheatsheet

Windows Registry Forensics Cheat Sheet 2025

Save. This. Post. Our expert staff has compiled an up-to-date and comprehensive Windows Registry forensics cheat sheet, and it might be just what you need

Cyber Triage
Tedi HeriyantoMay 4, 2025

Windows Event Log Forensics: Techniques, Tools, and Use Cases: https://belkasoft.com/windows-event-log-forensics

#windowseventlogs #WindowsForensics

Windows Event Log Forensics: Techniques, Tools, and Use Cases

Learn how to analyze Windows event logs in digital forensics and how Belkasoft X enhances event log analysis.

Tedi HeriyantoDec 25, 2024

Network Analysis via PowerShell: https://medium.com/@iramjack8/network-analysis-via-powershell-4f1a7460a19b

#networkforensics #WindowsForensics #powershell #digitalforensics

Network Analysis via PowerShell - Iram Jack - Medium

PowerShell is an extremely powerful and extensive command shell for Windows with its own scripting language. It can be used to automate tasks, audit and configure the Windows operating system, and it…

Medium
Tedi HeriyantoNov 3, 2024

ShimCache vs AmCache: Key Windows Forensic Artifacts: https://www.magnetforensics.com/blog/shimcache-vs-amcache-key-windows-forensic-artifacts/

#digitalforensics #WindowsForensics #shimcache #amcache

ShimCache vs AmCache: Key Windows Forensic Artifacts - Magnet Forensics

Discover the forensic value of ShimCache & AmCache on Windows systems to track program execution, build timelines, and uncover cyber threats.

Magnet Forensics
Tedi HeriyantoOct 17, 2024

Remote Desktop Application vs MSTSC Forensics: The RDP Artifacts You Might Be Missing: https://www.zerofox.com/blog/remote-desktop-application-vs-mstsc-forensics-the-rdp-artifacts-you-might-be-missing/

#rdp #WindowsForensics

Remote Desktop Application vs MSTSC Forensics: The RDP Artifacts You Might Be Missing

Find out the various RDP artifacts that may not be in traditional locations checked by incident responders.

ZeroFox
DetectalixOct 7, 2024
Introduction to the Windows Registry and its forensic analysis on a Kali Linux workstation using RegRipper, an open source tool specifically designed to extract forensic artifacts from the Registry.
*
Watch the video on YouTube and subscribe to the channel 👇
https://youtu.be/twwrQFugaOM
*
*
*
#windows #windowsregistry #windowsforensics #digitalforensics #computerforensics #regripper #kalilinux
Windows Registry analysis with RegRipper (on Kali Linux)

YouTube