Baniur/Forensic-Artifacts

GitHub: Baniur/Forensic-Artifacts

A knowledge base of Windows digital forensic artifacts, collecting the key evidence paths in applications, the registry and system files, for use in incident investigations and CTF forensic analysis.

Stars: 2 | Forks: 0

# 🕵️ Forensic Artifacts

- [Activities](https://github.com/Baniur/Forensic-Artifacts/blob/main/activities.md)
- [Applications](https://github.com/Baniur/Forensic-Artifacts/blob/main/applications.md)
  - [Advanced Port/IP Scanner](https://github.com/Baniur/Forensic-Artifacts/blob/main/applications.md#advanced-port-ip-scanner)
  - [AnyDesk](https://github.com/Baniur/Forensic-Artifacts/blob/main/applications.md#anydesk)
  - [Microsoft Edge (Chromium)](https://github.com/Baniur/Forensic-Artifacts/blob/main/applications.md#microsoft-edge-chromium)
  - [Mozilla Filezilla](https://github.com/Baniur/Forensic-Artifacts/blob/main/applications.md#mozilla-filezilla)
  - [NetExec](https://github.com/Baniur/Forensic-Artifacts/blob/main/applications.md#netexec)
  - [Notepad++](https://github.com/Baniur/Forensic-Artifacts/blob/main/applications.md#notepad-plus-plus)
  - [Remote Desktop](https://github.com/Baniur/Forensic-Artifacts/blob/main/applications.md#remote-desktop)
  - [Sticky Notes](https://github.com/Baniur/Forensic-Artifacts/blob/main/applications.md#stickynotes)
  - [Sublime Text](https://github.com/Baniur/Forensic-Artifacts/blob/main/applications.md#sublime-text)
  - [TeamViewer](https://github.com/Baniur/Forensic-Artifacts/blob/main/applications.md#teamviewer)
  - [Microsoft Windows 10/11 Notifications](https://github.com/Baniur/Forensic-Artifacts/blob/main/applications.md#microsoft-windows-10-11-notifications)
  - [Microsoft (Windows) Defender](https://github.com/Baniur/Forensic-Artifacts/blob/main/applications.md#microsoft-windows-defender)
  - [Microsoft Windows 11 Notepad](https://github.com/Baniur/Forensic-Artifacts/blob/main/applications.md#microsoft-windows-11-notepad)
- [Files](https://github.com/Baniur/Forensic-Artifacts/blob/main/files.md)
- Registry
  - [HKCU | HKEY_CURRENT_USER](https://github.com/Baniur/Forensic-Artifacts/blob/main/registry-hkcu.md) (ntuser.dat)
  - [SAM | HKEY_LOCAL_MACHINE/SAM](https://github.com/Baniur/Forensic-Artifacts/blob/main/registry-sam.md)
  - [SOFTWARE | HKEY_LOCAL_MACHINE/SOFTWARE](https://github.com/Baniur/Forensic-Artifacts/blob/main/registry-software.md)
  - [SYSTEM | HKEY_LOCAL_MACHINE/SYSTEM](https://github.com/Baniur/Forensic-Artifacts/blob/main/registry-system.md)

# 📰 Articles

#### Cyber Triage

- [Windows Scheduled Tasks for DFIR Investigations](https://www.cybertriage.com/blog/windows-scheduled-tasks-for-dfir-investigations/)
- [NTUSER.DAT Forensic Analysis](https://www.cybertriage.com/blog/ntuser-dat-forensics-analysis-2025/)
- [How to Find Network Evidence in the Windows Registry](https://www.cybertriage.com/blog/how-to-find-evidence-of-network-windows-registry/)
- [MUICache: A Guide for IT Staff and Investigators](https://www.cybertriage.com/blog/muicache-2025-guide/)
- [UserAssist Forensics](https://www.cybertriage.com/blog/userassist-forensics-2025/)
- [ShimCache and AmCache Forensic Analysis](https://www.cybertriage.com/blog/shimcache-and-amcache-forensic-analysis-2025/)
- [Shellbags Forensic Analysis](https://www.cybertriage.com/blog/shellbags-forensic-analysis-2025/)
- [How to Investigate RunMRU](https://www.cybertriage.com/blog/how-to-investigate-runmru-2025/)
- [Windows Registry Forensics Cheat Sheet](https://www.cybertriage.com/blog/windows-registry-forensics-cheat-sheet-2025/)