This document summarizes Windows forensic artifacts and tools that can be used for forensic investigations. It discusses the steps of a forensic investigation, rules to follow, common Windows artifacts like event logs and browser artifacts, and tools that can extract user details and system activity from a disk image or memory dump. Examples of artifacts that can be examined without tools include mounted devices, USB storage details, task manager history, event logs and system files.