The forensic value of MFT journals is that they can be used to find evidence of file creations, deletions, renames, etc.

The amount of information stored locally in the browser's folders is huge and can be super useful for forensic analysis.

Windows event logs provide a rich source of forensic information for threat hunting and incident response investigations.

While WMI and PowerShell can be used for attacks, they equally can be used for defense.

While Windows forensics is widely covered via several courses and articles, there are fewer resources introducing it to the Linux Forensics