Autopsy is an open-source tool that is used to perform forensic operations on the disk image of the evidence. The forensic investigation that is carried
Volatility Workbench is a GUI version of one of the most popular tools, Volatility, for analyzing the artifacts from a memory dump. It is available
FTK Imager is an open-source software by AccessData that is used for creating accurate copies of the original evidence without actually making any changes to
Cybercriminals and attackers have become so creative in their crimes that they have started finding methods to hide data in the volatile memory
In this article, we will be focusing on shellbags and their forensic analysis using ShellBags Explorer. Shellbags are created to enhance the users’ experience by
In this article, we will learn how to perform a forensic investigation on a Page File. There is a lot of information that can be
In this article, we will be using Disk Drive Signature to identify any suspicious changes in systems’ directories or files. Creating such signatures can help
In this article, we are going to study an important artifact of Windows, i.e. prefetch files. Every time you do anything on your Windows system,
In this article, we will gather information utilizing the quick incident response tools which are listed below. All these tools are a few of the