Windows Forensic Analysis Toolkit (2021)

This article covers Windows forensic analysis tools. You may have researched Windows forensic tools before and found the information scattered across different places.

Here we give you a complete article about Windows forensic analysis. Windows forensic analysis is one of the CHFI modules. We have published some articles on CHFI in the past; you can read them if you want.

An earlier article covered some basic forensic tools but said very little about Windows forensic analysis, so this article gives you complete information about it.

Note: This article is for educational purposes only. Don't misuse your knowledge and skills.

What is Windows Forensics?

First of all, you should know what Windows forensic analysis is and when it is performed. This topic can be very useful for you, so read this article carefully.

Let us take an example: a victim has carried out some kind of illegal activity using a computer. In such a case, a forensic investigator has to extract that victim's information from the computer.

A normal user cannot do all this, but a Computer Hacking Forensic Investigator can, using the many tools available for Windows forensic analysis.

Here we show the practical use of several types of Windows forensic tools. Some of these tools also help in finding the victim device's Wi-Fi passwords, login usernames and passwords, and website passwords, so don't misuse them.

Windows Forensic Analysis Tools

Here we cover many types of Windows forensic analysis tools, such as browsing history tools, PS Tools, last activity tools, Wi-Fi password viewers, event logs and many others.

PS Tools

First of all, PS Tools. You can also think of PS Tools as process listing tools; the package contains many tools that can be used for Windows forensics.

https://docs.microsoft.com/en-us/sysinternals/downloads/pstools

One thing should be clear first: these tools must be run as administrator. Open CMD with Run as administrator, and then you can use them.

First, change to the PS Tools folder in CMD. If you have been following our articles from the beginning, you already know how to do this.

After that, the dir command lists the tools, and you can run whichever tool you want to use.

If you want to save the output, you can do that too. The package contains more tools than one article can cover, so try them out yourself.

These small tools give you a lot of information about the victim computer, such as when the victim logged in, what services are running and much more.
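The steps above (elevated shell, PS Tools folder, run a tool, save the output) can be scripted so that every output file is timestamped and hashed. This is an added example, not part of the original article or of Sysinternals; the tool folder C:\Tools\PSTools and the evidence drive E:\case001 are hypothetical paths.

```powershell
# Added example: run a few PsTools and keep hashed, timestamped output.
# Assumed paths (hypothetical): tools in C:\Tools\PSTools, evidence drive E:\.
param(
    [string]$PsToolsDir = 'C:\Tools\PSTools',
    [string]$OutRoot    = 'E:\case001'
)

# PsTools need an elevated session, the same as "Run as administrator" in CMD.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Start PowerShell with "Run as administrator" first.'
}

# One folder per host and collection time (UTC) so runs never overwrite each other.
$stamp  = (Get-Date).ToUniversalTime().ToString('yyyyMMddTHHmmssZ')
$outDir = Join-Path $OutRoot "$env:COMPUTERNAME-$stamp"
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Tool -> arguments. -accepteula suppresses the first-run licence dialog.
$runs = [ordered]@{
    'PsLoggedon' = @('-accepteula')            # who is logged on now
    'PsList'     = @('-accepteula', '-t')      # running processes as a tree
    'PsService'  = @('-accepteula', 'query')   # services and their state
    'PsInfo'     = @('-accepteula')            # OS version, uptime, install date
}

foreach ($tool in $runs.Keys) {
    $exe = Join-Path $PsToolsDir "$tool.exe"
    if (-not (Test-Path $exe)) { Write-Warning "$exe not found, skipped"; continue }
    $toolArgs = $runs[$tool]
    $outFile  = Join-Path $outDir "$tool.txt"
    # Capture stdout and stderr as plain text, like "tool > file 2>&1" in CMD.
    & $exe $toolArgs 2>&1 | ForEach-Object { "$_" } | Out-File -FilePath $outFile -Encoding utf8
}

# Hash every output file so later changes to the saved evidence are detectable.
Get-ChildItem -Path $outDir -Filter *.txt |
    Get-FileHash -Algorithm SHA256 |
    Select-Object Hash, Path |
    Export-Csv -Path (Join-Path $outDir 'sha256.csv') -NoTypeInformation
```

Writing to a separate evidence drive rather than the examined disk keeps the collection from overwriting data on the system under investigation.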

Last Activity view tool

Similarly, there is the Last Activity View tool, which shows what the targeted victim has done on his computer, even if he has removed it from recent places.

https://www.nirsoft.net/utils/computer_activity_view.html

In such a case, the Last Activity View tool still shows the victim's last activity. You can see how useful this Windows forensics tool can be for an investigator, so you must know about it.

Folder Time Update

Next is the Folder Time Update tool, with which you can find out when and which folder was modified by the victim on the computer. When a folder was opened can be seen in Last Activity View.

https://www.nirsoft.net/utils/folder_time_update.html

Folder Time Update shows how long a folder has been on the victim's computer and when it was modified, all with timestamps.

Win Logon View

In the same way, Win Logon View tells you when the victim logged in and when he logged out. Login and logout information is what gets collected most often.

https://www.nirsoft.net/utils/windows_log_on_times_view.html

This is because the most important thing to establish in Windows forensic analysis is which user was logged in at the time an illegal activity happened. PS Tools also help you find how long a user remained logged in, as does the Win Logon View tool.
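The question of which user was logged in at a given time can also be answered directly from the Security event log by pairing logon and logoff events on their logon ID. This is an added example, not code from the article or from NirSoft; the exported log path and the incident time are hypothetical placeholders.

```powershell
# Added example: pair logon/logoff events and list who was logged on at a given time.
# Assumptions: the .evtx path and the incident time below are constructed placeholders.
param(
    [string]$EvtxPath       = 'E:\case001\Security.evtx',
    [datetime]$IncidentTime = '2021-01-01T12:00:00'   # local time of the examiner's machine
)

# 4624 = logon, 4634 = logoff, 4647 = user-initiated logoff.
$filter = @{ Path = $EvtxPath; Id = 4624, 4634, 4647 }
$events = Get-WinEvent -FilterHashtable $filter -Oldest

$open     = @{}    # TargetLogonId -> logon record still waiting for its logoff
$sessions = New-Object System.Collections.Generic.List[object]

foreach ($e in $events) {
    # Read the named EventData fields instead of relying on property positions.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    $id = $data['TargetLogonId']

    if ($e.Id -eq 4624) {
        # Keep interactive (2), unlock (7), RDP (10) and cached (11) logons only;
        # service and network logons would bury the human sessions.
        if ($data['LogonType'] -notin '2', '7', '10', '11') { continue }
        $open[$id] = [pscustomobject]@{
            User      = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            LogonType = $data['LogonType']
            LogonId   = $id
            Start     = $e.TimeCreated
            End       = $null
        }
    }
    elseif ($id -and $open.ContainsKey($id)) {
        # The first logoff event for a logon ID closes the session.
        $open[$id].End = $e.TimeCreated
        $sessions.Add($open[$id])
        $open.Remove($id)
    }
}
# Sessions with no logoff record (crash, power loss, still logged on) keep End = $null.
$sessions.AddRange(@($open.Values))

$sessions |
    Where-Object { $_.Start -le $IncidentTime -and (-not $_.End -or $_.End -ge $IncidentTime) } |
    Sort-Object Start |
    Format-Table User, LogonType, LogonId, Start, End -AutoSize
```

A session listed with an empty End column was open at the incident time but has no recorded logoff, so its real end has to be established from other evidence such as shutdown events.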

Wireless key View

Wireless Key View can be very useful for you. This tool shows Wi-Fi passwords and is also used in Windows forensic analysis. Let's understand it with an example.

https://www.nirsoft.net/utils/wireless_key.html

In Windows forensic analysis we need to know which Wi-Fi network the victim was connected to at the time he was doing some kind of illegal activity. This can be done with the help of this tool.

Along with all the saved network passwords, it shows Wi-Fi passwords that were used before, even if the network is no longer in range.

My last Search

My Last Search is considered a very good and widely used Windows forensic analysis tool because this small tool helps a lot in forensic investigation. You will understand this once you use it.

https://www.nirsoft.net/utils/my_last_search.html

Let us take an example. You must have seen the movie Mom, where an internet search is made on how to create some kind of poison. In such a case, even if the search results are deleted, we can still see the victim's last searches.

You can verify this yourself: clear your history, then run this tool, and your searches will still be shown. That tells you how useful it is in Windows forensic analysis.

Web Browser Pass View

Web Browser Pass View is used in Windows forensic analysis as well as ethical hacking because this small tool easily shows all the saved passwords.

https://www.nirsoft.net/utils/web_browser_password.html

You can see that if these passwords fall into the hands of a hacker, he can log in to any of those accounts. That is why you are told never to save and keep passwords.

Hackers know how to get at passwords saved in the browser easily. All these tools can also be used like autorun tools, where a batch script is used.

We have also told you in earlier articles how batch scripts are used in hacking; in the same way, batch scripts can be used with these tools, so you should never save passwords.

The Conclusion

I hope you now understand Windows forensic analysis tools. Here we have shown you the most practical uses of them.

These are not the only Windows forensic analysis tools. There are many others, for example for viewing browsing history, getting the information of a PDF file, or extracting the information of an image.

Windows forensic analysis covers many types of tasks. Here we have mostly covered tools related to the operating system; tools for the network will be covered later.

The question arises: what do we do if we do not have access to the victim computer? In that case we have to use system hacking or bypass the password, which has already been covered.

If you have not read our articles about system hacking and how to break a forgotten Windows password, you can read them. Hacking Windows has been covered many times before, for example the HTA attack method, the reverse shell method, etc.

Thank you.