In one of our tutorials I came across this poster from the SANS Institute. It contains a great overview of what to look for in case of a certain intrusion on your system. It gives you a great guide to where you can find the various Windows artifacts that contain the evidence you need.

Since this guide only covers Win XP and Win 7, I wanted to do an overview of what has changed after Win 8 and 10 came out. But unfortunately, I don't have any of those operating systems installed. I have worked with them many times, but never on the artifact level. I imagine that they are somewhat different, since even between XP and 7 they differ.

I will try to make this a project over the summer, since I have been planning to upgrade to Win 10. But I am reluctant, since I really love my 7. Also, I am considering making the complete change to only Kali Linux. Hmm. Decisions.