Registry (5 Hives), Volume Shadow Copies, UAC, Memory Paging Commands: netstat, whoami, ping, ipconfig Tools: Sysinternals, Process Hacker