Windows Forensics
Notes and links about Windows computer forensics
Windows Forensics Cheat Sheet
User Group Registry Keys
Create copy of live NTDS.DIT and Security and System registry hives.
Some old notes related to forensics
Netlogon errors to track down hosts not on AD Site
Places the host name can be found in the registry
The format of the old Scheduled Tasks files in C:\Windows\Tasks
The format of a Shortcut file