Welcome to the Windows Forensics repository — a comprehensive collection of written guides covering key topics in Windows-based digital forensics. These Markdown files provide clear, practical, and beginner-friendly explanations of various forensic artifacts, techniques, and tools used in incident response and investigation.
This repository includes structured `.md` files that walk you through:
- 🔹 Introduction to Windows Forensics and Artifacts
- 🔹 File system and registry analysis
- 🔹 User activity artifacts (Scheduled Tasks, Prefetch, Shellbags, etc.)
- 🔹 Browser forensics (Chrome, Firefox, Edge, etc.)
- 🔹 Memory forensics using tools like Volatility and MemProcFS
- 🔹 Deleted file recovery on NTFS file systems
- 🔹 Forensics CTF walkthroughs
- 🔹 Velociraptor installation, dashboard, and use cases
Each guide is self-contained and designed for easy understanding and hands-on practice in a forensic lab setup.
- Clone or download the repository:
```bash
git clone https://github.com/CodeLife01/Windows-Forensics.git
cd Windows-Forensics
```
This repository is for educational and research purposes only. Do not perform digital forensic techniques or investigations on real systems without appropriate legal authorization. Always practice safe and ethical forensic analysis in controlled environments.
We welcome contributions to expand and improve this learning resource!
You can:
- Submit corrections or updates to existing guides
- Add new Markdown files for tools, artifacts, or CTFs
- Help organize content into modules or categories
Feel free to fork the repo, open an issue, or create a pull request.
This project is licensed under the MIT License.
🎓 Happy learning and stay forensic-ready!
— Sadeeq Muhammad