Ctrlk

Introduction
Windows Artifacts
Windows DFIR & MITTR
SOC Related
- Cached Credentials
- Domain Controller Password Spraying

Powered by GitBook

Page cover

On this page

Was this helpful?

Windows Artifacts

Deleted File or File Knowledge

WordWheelQuery (Win 7+)ACMRU (Win XP)Internet Explorer file:///Last Visited MRU Thumbs.db (Win XP)Thumbcache Recycle Bin User Typed Paths Windows Search Database

PreviousCloud Storage NextWordWheelQuery (Win 7+)

Last updated 1 year ago

Was this helpful?