Tag Archives: Windows Forensics

TAC – Timeline ActivitiesCache Parser

Microsoft released a Windows 10 update with the capability to show a chronology of actions taken by the user. This new application is called Timeline and is part of Windows Task View. TAC - Timeline ActivitiesCache Parser allows user to

Rifiuti2 – Windows Recycle Bin Analysis Tool

Rifiuti2 analyses Recycle Bin files from Windows. Analysis of the Windows Recycle Bin is usually carried out during Windows computer forensics.

Panorama – Fast Incident Overview

Panorama was made to generate a wide report about Windows systems; it is supported and tested on Windows XP SP2 and up.

AlternateStreamView – Tool to Investigate ADS File System

AlternateStreamView is a small utility that allows you to scan your NTFS drive, and find all hidden alternate streams stored in the file system.

CurrProcess – Tool to Display Currently Running Processes

The CurrProcess utility is another NirSoft product that you can use as part of your incident response toolkit.