the stream

SANS reading room: Tor Browser Artifacts in Windows 10

Alexander Bochmann Saturday 25 of February, 2017
This new document (PDF) in the forensics category of the SANS reading room introduces quite a few basic Windows-specific forensic tools being used on an example of tracking down the changes caused by a Tor Browser installation.

The first one being mentioned, Regshot (to compare the Registry before and after installation), seems immediately useful.