Windows
File System:
> %SYSTEMROOT%\System32\drivers\etc\hosts -> DNS
> %SYSTEMROOT%\System32\drivers\etc\networks -> network
> %SYSTEMROOT%\system32\config\SAM -> shadow
> %WINDIR%\system32\config\AppEvent.Evt -> app log
> %WINDIR%\system32\config\SecEvent.Evt -> auth log
> %ALLUSERSPROFILE%\Start Menu\Programs\Startup\
> %USERPROFILE%\Start Menu\Programs\Startup\
> %SYSTEMROOT%\Prefetch\ -> exe logs
Note
Check and run the commands. To be continued…