In the Windows Forensics 1 room, I explored how to investigate a compromised Windows system by digging into the artifacts it leaves behind. I learned where to look for key pieces of evidence like user activity, system information, and traces of persistence. The room walked me through important areas of the Windows file system and Registry, showing how these hold clues about what happened on a machine.
By working through the exercises, I practiced identifying suspicious activity and piecing together a timeline of events. This gave me a better understanding of how forensic analysts approach real-world investigations and how even small details on a Windows system can reveal the bigger picture of an incident.
