
In the digital forensic analysis of Windows systems, artefacts such as event logs, prefetch files, LNK files or the Windows Registry are essential for investigating cyber incidents. These artefacts store detailed information about system and user activities, which allows investigators to identify malicious actions, track attackers' movements and reconstruct timelines of critical events. With them, attack techniques such as command execution, persistence and evasion of system defences can be detected. Knowing how to collect and analyse these artefacts ensures accurate and efficient analysis. Contextualising their relevance therefore helps cybersecurity professionals strengthen their detection and response capabilities, ensuring the integrity of collected evidence and improving the effectiveness of digital forensic investigations.



