PWF stands for Practical Windows Forensics.
Steps:
- Create a Windows virtual machine as a target.
- Run an attack script on the target VM (based on the Atomic Red Team framework).
- Acquire memory and disk images.
- Create a Windows forensic virtual machine.
- Begin your Windows forensic investigation.
Disclaimer: The tool is intended strictly for educational use and should not be used for any other purpose.
Download Link: https://github.com/bluecapesecurity/PWF