Baniur/Forensic-Artifacts

GitHub: Baniur/Forensic-Artifacts

Windows 数字取证痕迹知识库,汇总应用程序、注册表与系统文件中的关键证据路径,服务于事件调查与 CTF 取证分析。

Stars: 2 | Forks: 0

# 🕵️ 取证痕迹 - [活动](https://github.com/Baniur/Forensic-Artifacts/blob/main/activities.md) - [应用程序](https://github.com/Baniur/Forensic-Artifacts/blob/main/applications.md) - [Advanced Port/IP Scanner](https://github.com/Baniur/Forensic-Artifacts/blob/main/applications.md#advanced-port-ip-scanner) - [AnyDesk](https://github.com/Baniur/Forensic-Artifacts/blob/main/applications.md#anydesk) - [Microsoft Edge (Chromium)](https://github.com/Baniur/Forensic-Artifacts/blob/main/applications.md#microsoft-edge-chromium) - [Mozilla Filezilla](https://github.com/Baniur/Forensic-Artifacts/blob/main/applications.md#mozilla-filezilla) - [NetExec](https://github.com/Baniur/Forensic-Artifacts/blob/main/applications.md#netexec) - [Notepad++](https://github.com/Baniur/Forensic-Artifacts/blob/main/applications.md#notepad-plus-plus) - [远程桌面](https://github.com/Baniur/Forensic-Artifacts/blob/main/applications.md#remote-desktop) - [便签](https://github.com/Baniur/Forensic-Artifacts/blob/main/applications.md#stickynotes) - [Sublime Text](https://github.com/Baniur/Forensic-Artifacts/blob/main/applications.md#sublime-text) - [TeamViewer](https://github.com/Baniur/Forensic-Artifacts/blob/main/applications.md#teamviewer) - [Microsoft Windows 10/11 通知](https://github.com/Baniur/Forensic-Artifacts/blob/main/applications.md#microsoft-windows-10-11-notifications) - [Microsoft (Windows) Defender](https://github.com/Baniur/Forensic-Artifacts/blob/main/applications.md#microsoft-windows-defender) - [Microsoft Windows 11 记事本](https://github.com/Baniur/Forensic-Artifacts/blob/main/applications.md#microsoft-windows-11-notepad) - [文件](https://github.com/Baniur/Forensic-Artifacts/blob/main/files.md) - 注册表 - [HKCU | HKEY_CURRENT_USER](https://github.com/Baniur/Forensic-Artifacts/blob/main/registry-hkcu.md) (ntuser.dat) - [SAM | HKEY_LOCAL_MACHINE/SAM](https://github.com/Baniur/Forensic-Artifacts/blob/main/registry-sam.md) - [SOFTWARE | HKEY_LOCAL_MACHINE/SOFTWARE](https://github.com/Baniur/Forensic-Artifacts/blob/main/registry-software.md) - [SYSTEM | HKEY_LOCAL_MACHINE/SYSTEM](https://github.com/Baniur/Forensic-Artifacts/blob/main/registry-system.md) # 📰 文章 #### 网络取证分类 - [用于 DFIR 调查的 Windows 计划任务](https://www.cybertriage.com/blog/windows-scheduled-tasks-for-dfir-investigations/) - [NTUSER.DAT 取证分析](https://www.cybertriage.com/blog/ntuser-dat-forensics-analysis-2025/) - [如何查找网络 Windows 注册表的证据](https://www.cybertriage.com/blog/how-to-find-evidence-of-network-windows-registry/) - [MUICache:IT 和调查人员指南](https://www.cybertriage.com/blog/muicache-2025-guide/) - [UserAssist 取证](https://www.cybertriage.com/blog/userassist-forensics-2025/) - [ShimCache 和 AmCache 取证分析](https://www.cybertriage.com/blog/shimcache-and-amcache-forensic-analysis-2025/) - [Shellbags 取证分析](https://www.cybertriage.com/blog/shellbags-forensic-analysis-2025/) - [如何调查 RunMRU](https://www.cybertriage.com/blog/how-to-investigate-runmru-2025/) - [Windows 注册表取证速查表](https://www.cybertriage.com/blog/windows-registry-forensics-cheat-sheet-2025/)
标签:CTF, Windows, 取证 artifacts, 安全研究, 库, 应急响应, 数字取证, 数据泄露, 自动化脚本