There are 4 repositories under the windows-forensics topic.
Cross-platform registry browser for raw Windows registry files
ExeSpy is a cross-platform PE viewer for EXE and DLL files
Command Spy is a utility for monitoring the command line arguments of new processes on Windows. Made for CCDC.
Tools and Techniques for Digital Forensics and Incident Response
Python module for forensic analysis of Windows shortcuts (LNK files). You can install this package using pip install lnkanalyser
When conducting an investigation on a Windows machine there are 8 phases to go through. Today we'll discuss the first, 'Collecting Volatile Information', and the rest will be explained in future topics.
Gives you the list of storage devices that have been connected to your Windows machine
Handbook of Windows forensic artifacts across multiple Windows versions, with interpretation tips and some examples. Work in progress!