PWF stands for Practical Windows Forensics.


  1. Create a Windows virtual machine as a target.
  2. Run an attack script on the target VM (based on the AtomicRedTeam framework).
  3. Get your hands on some memory and disc images.
  4. Create a Windows forensic virtual machine.
  5. Begin your Windows forensic investigation.

Disclaimer: The intended use for the tool is strictly educational and should not be used for any other purpose.

Download Link:

This site is under maintenance,
some features might not work!!!