Forensic analysis reconstructs events from evidence — building a timeline, identifying attacker actions, determining scope of compromise, and attributing activity.
Tools: Autopsy (disk forensics), Volatility (memory), Wireshark/Zeek (network), SIEM (log correlation).
Artifact types: prefetch files (Windows execution evidence), browser history, registry (persistence), event logs.
Timeline analysis is the core forensic methodology.
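The timeline methodology above, as an added example that is not part of the original page: a small Python script that normalises event log, prefetch (FILETIME) and browser history (WebKit timestamp) records into one UTC super-timeline and then pivots around a process-creation event. All users, paths, addresses, URLs and timestamps are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_utc(ft: int) -> datetime:
    """Windows FILETIME (100-ns ticks since 1601-01-01 UTC), the format of prefetch last-run times."""
    return EPOCH_1601 + timedelta(microseconds=ft // 10)

def webkit_to_utc(us: int) -> datetime:
    """Chrome/WebKit timestamp (microseconds since 1601-01-01 UTC), the format of browser history visits."""
    return EPOCH_1601 + timedelta(microseconds=us)

@dataclass(order=True)
class Event:
    when: datetime   # normalised to UTC so different sources sort together
    source: str
    summary: str

# Constructed sample artifacts (not from a real case), each kept in its native time format.
EVENT_LOG = [  # (ISO-8601 UTC, event id, detail)
    ("2024-03-01T09:58:12Z", 4624, "logon type 10, user jdoe from 10.0.0.5"),
    ("2024-03-01T10:02:40Z", 4688, "new process C:\\Users\\jdoe\\Downloads\\update.exe"),
]
PREFETCH = [("UPDATE.EXE", 133537609610000000)]  # (executable, FILETIME last run)
HISTORY = [  # (URL, WebKit visit time)
    ("http://files.example.test/", 13353760770000000),
    ("http://files.example.test/update.exe", 13353760865000000),
]

def build_timeline() -> list:
    """Merge every artifact into one UTC-ordered super-timeline."""
    events = [Event(datetime.fromisoformat(ts.replace("Z", "+00:00")), "evtx", f"EID {eid}: {detail}")
              for ts, eid, detail in EVENT_LOG]
    events += [Event(filetime_to_utc(ft), "prefetch", f"{exe} executed") for exe, ft in PREFETCH]
    events += [Event(webkit_to_utc(us), "browser", f"visited {url}") for url, us in HISTORY]
    return sorted(events)

def window(events: list, pivot: str, minutes: int = 5) -> list:
    """Return the events within +/- minutes of the first event whose summary contains pivot."""
    centre = next(e for e in events if pivot in e.summary).when
    lo, hi = centre - timedelta(minutes=minutes), centre + timedelta(minutes=minutes)
    return [e for e in events if lo <= e.when <= hi]

if __name__ == "__main__":
    # Pivot on the process-creation record and show what surrounds it across all sources.
    for e in window(build_timeline(), "EID 4688", minutes=2):
        print(e.when.isoformat(), e.source.ljust(8), e.summary)
```

The pivot view shows the browser download, the 4688 process creation and the prefetch last-run time within seconds of each other, which is the cross-source corroboration timeline analysis is meant to surface.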