Windows 10 (v1803+) ActivitiesCache.db parsers (SQLite, PowerShell, .EXE)
Updated Feb 16, 2023 - PowerShell
Win 10/11 related research
Browse Windows Prefetch versions: 17,23,26,30v1/2 & some of SuperFetch .7db/.db's
Automatic/Custom Destinations & LNK (MS-SHLLINK) Browser
This script allows us to perform an execution in the memory of the device without leaving traces for forensic analysts after its execution.
Forensic-Extract: PowerShell script for extracting logs / information from a workstation running Windows 10
This tool simplifies the process of extracting and inspecting users' CLSID registry values. Easily identify potential threats and malicious activity, for example by examining the CLSIDs of COM objects for compromise or replacement by malware.