Tag Archives: Collecting Windows Artifact

ShellBagger – Analyze ShellBag Artifacts

ShellBagger is a tool that you can use to analyze shellbag artifacts. Microsoft Windows tracks user window viewing preferences specific to Windows Explorer.

CurrProcess – Tool to Display Currently Running Processes

The CurrProcess utility is another NirSoft product that you can use as part of your incident response toolkit.

CyLR — Live Response Collection Tool

The CyLR tool collects forensic artifacts from hosts with NTFS file systems quickly and securely, and minimizes impact to the host.