In this chapter, we will cover the following recipes:

• Recycle bin content analysis with EnCase Forensic
• Recycle bin content analysis with Rifiuti2
• Recycle bin content analysis with Magnet AXIOM
• Event log analysis with FullEventLogView
• Event log analysis with Magnet AXIOM
• Event log recovery with EVTXtract
• LNK file analysis with EnCase Forensic
• LNK file analysis with LECmd
• LNK file analysis with Link Parser
• Prefetch file analysis with Magnet AXIOM
• Prefetch file parsing with PECmd
• Prefetch file recovery with Windows Prefetch Carver