Research Article

A Review of Forensic Artifacts in a Windows 8 Environment

Published in July 2015 by Mohit Soni, Seema R. Pathak
Innovations in Computing and Information Technology (Cognition 2015)
Foundation of Computer Science USA
COGNITION2015 - Number 4
July 2015
Authors: Mohit Soni, Seema R. Pathak

Mohit Soni, Seema R. Pathak. A Review of Forensic Artifacts in a Windows 8 Environment. Innovations in Computing and Information Technology (Cognition 2015). COGNITION2015, 4 (July 2015), 25-28.

@article{
author = { Mohit Soni, Seema R. Pathak },
title = { A Review of Forensic Artifacts in a Windows 8 Environment },
journal = { Innovations in Computing and Information Technology (Cognition 2015) },
issue_date = { July 2015 },
volume = { COGNITION2015 },
number = { 4 },
month = { July },
year = { 2015 },
issn = 0975-8887,
pages = { 25-28 },
numpages = 4,
url = { /proceedings/cognition2015/number4/21910-2174/ },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Proceeding Article
%1 Innovations in Computing and Information Technology (Cognition 2015)
%A Mohit Soni
%A Seema R. Pathak
%T A Review of Forensic Artifacts in a Windows 8 Environment
%J Innovations in Computing and Information Technology (Cognition 2015)
%@ 0975-8887
%V COGNITION2015
%N 4
%P 25-28
%D 2015
%I International Journal of Computer Applications
Abstract

Forensic artifacts are bits of information that an operating system records while a user is using a computer system. These bits of data are user/session specific and provide all information regarding the use of a particular application or program, along with the necessary timestamps. A digital forensic investigator needs to be aware of such artifacts in order to perform a legally acceptable, accurate and tool-independent analysis of a questioned system. This paper provides a comprehensive review guide for all forensic artifacts available in a Windows 8 environment. These artifacts supply both conclusive and probative evidence to an investigator and form vital preliminaries of incident response in a digital crime scenario.

Index Terms

Computer Science
Information Sciences

Keywords

Artifacts Digital Forensics Analysis Incident Response Log Files Mac Pathway Probative Evidence Registry Timestamps Windows 8