Autopsy is an open-source tool that performs forensic operations on the disk image of the evidence. Here, we display the forensic investigation that we conduct
Volatility Workbench is a GUI version of one of the most popular tools, Volatility, for analyzing the artifacts from a memory dump. It is available
AccessData offers FTK Imager, open-source software that creates accurate copies of the original evidence without making any changes to it. The original evidence image
Cybercriminals and attackers have become so creative in their methods that they have started hiding critical data in the volatile memory of systems. Today, in
In this article, we will be focusing on shellbags and their forensic analysis using ShellBags Explorer. Shellbags are created to enhance the users’ experience by
In this article, we will learn how to perform a forensic investigation on a Page File. There is a lot of information that can be
In this article, we will be using Disk Drive Signature to identify any suspicious changes in systems’ directories or files. Creating such signatures can help
In this article, we are going to study an important artifact of Windows, i.e. prefetch files. Every time you do anything on your Windows system,
In this article, we will use the quick incident response tools listed below to gather information. All these tools are a few of the greatest