Forensic Integrations
Explore the forensic artifacts TensorGuard automatically collects and analyzes, from the Master File Table (MFT) and Event Logs to AmCache, JumpLists, and even email logs.
AmCache
BAM/DAM
Event Logs
Jumplists
MFT
Microsoft 365
Prefetch
Profile Lists
PS History
Recent Lnks
Recycle Bin
Scheduled Tasks
Shell Bags
ShimCache
Slack
SRUM
Startup Tasks
UserAssist
USN Journal
Web Browser
AmCache
BAM/DAM
Event Logs
Jumplists
MFT
Microsoft 365
Prefetch
Profile Lists
PS History
Recent Lnks
Recycle Bin
Scheduled Tasks
Shell Bags
ShimCache
Slack
SRUM
Startup Tasks
UserAssist
USN Journal
Web Browser
Explore All Artifacts
AmCache
Windows
Tracks programs that have run on a computer, providing a history of application usage.
About AmCacheBAM/DAM
Windows
A Windows registry artifact that reliably tracks executed programs and links them directly to the specific user account that ran them.
About BAM/DAMEvent Logs
Windows
The computer's diary, recording important system, security, and application events as they happen.
About Event LogsJumplists
Windows
Reveals recently opened files, showing a history of a user's document and application access.
About JumpListsMFT
Windows
A master index of every file on the disk, including critical information about deleted files.
About MFTMicrosoft 365
All
A comprehensive suite of cloud logs capturing user authentication, email routing, and application permissions within the tenant.
About Microsoft 365Prefetch
Windows
A performance-enhancing artifact that provides definitive proof of application execution, run counts, and the specific files accessed during launch.
About PrefetchProfile Lists
Windows
Identifies every user account that has logged into the computer and their associated profile folder.
About Profile ListsPS History
Windows
A command log that reveals specific, advanced actions performed by administrators or sophisticated users.
About PS HistoryRecent Lnks
Windows
Automatically created shortcuts that show which files a user has recently opened or accessed.
About Recent LnksRecycle Bin
Windows
A critical repository of deleted files and their metadata, revealing exactly what a user attempted to remove and when.
About Recycle BinScheduled Tasks
Windows
A native Windows feature used to automate execution, frequently abused by adversaries for stealthy persistence and lateral movement.
About Scheduled TasksShell Bags
Windows
Remembers which folders a user has opened, creating a map of their navigation history.
About Shell BagsShimCache
Windows
A system compatibility record that serves as evidence of which programs have been executed.
About ShimCacheSlack
All
A record of user messages and file transfers that provides evidence of conversations and insider threats.
About SlackSRUM
Windows
Details which applications used network data and CPU time, helping to track internet and program activity.
About SRUMStartup Tasks
Windows
A critical record of applications and services configured to execute automatically at boot or user logon, frequently abused by malware to maintain persistence.
About Startup TasksUserAssist
Windows
Tracks applications launched via the Windows graphical user interface, revealing specific user activity, run counts, and execution times.
About UserAssistUSN Journal
Windows
A hidden system log that records changes made to files and directories, revealing a timeline of file creation, modification, and deletion.
About USN JournalWeb Browser
All
A detailed log of websites visited and files downloaded, showing a user's online activity.
About Web Browser
Join the future of forensics.
Let artificial intelligence accelerate your incident response.