In today's digital environment, the evidence we seek frequently resides in
computer systems. This chapter provides readers with the basic knowledge and skills
needed to carry out an extensive Windows forensics investigation. We start by
building a solid foundation in the fundamentals of Windows forensics. Methods for
gathering volatile data, which is kept in memory, as well as non-volatile data, such as
files and system records, are examined. We then explore the skill of interpreting this
abundance of data. The chapter teaches readers how to mine a variety of Windows
data sources, such as program data, system configuration files, and user activity logs,
for important evidence. The chapter then presents the Windows Registry,
an essential component that holds the configuration secrets of the operating system.
Methods for examining both static and dynamic registry hives are offered, enabling
investigators to find concealed evidence of malicious activity or system alterations. Looking
into internet browser history is a necessary step in any digital inquiry. To find possible
leads and user activity patterns, this chapter walks readers through the process of
extracting and analyzing web browser history, cookies, and cached data. This chapter
equips readers with the knowledge needed to extract and analyze
digital evidence from Windows PCs with ease. This knowledge is crucial for
conducting clear forensic investigations and for finding the truth.
Keywords: Cookie, Cache data, Metadata, Registry analysis, Windows forensics.