
File locations
Important file/folder locations on the OS
Windows
C:\Windows\system32\config\SAM --> Stores password hashes (protected by SysKey encryption)
C:\Windows\repair\SAM --> Backup of user credentials (useful for forensic recovery)
C:\Windows\system32\config\SECURITY --> Holds security policies & access control data
C:\Windows\system32\config\SOFTWARE --> Registry hive storing installed software information (great for malware analysis)
C:\Windows\system32\config\SYSTEM --> Holds system-wide settings and configurations
C:\Windows\system32\winevt* --> Locations of Windows Event logs, crucial for threat analysis
C:\Windows\Prefetch --> Stores execution data for recently used applications
C:\Windows\AppCompat\Programs\Amcache.hve --> Logs details of executed applications
C:\Users\*\NTUSER.dat --> Contains user registry settings, potential persistence mechanism
C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp --> Per-user startup folder, common location for malicious persistence mechanisms
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp --> Startup programs for all users
C:\Windows\system32\drivers\etc\hosts --> Hosts file: static hostname-to-IP mappings consulted before DNS, so a tampering check during triage
C:\Windows\system32\drivers\etc\networks --> Maps network names to network numbers (rarely changed, worth a quick integrity check)
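A triage pass over the locations listed above, written here as an added example and not part of the original page. It assumes an elevated PowerShell on a live host (or a mounted image, by changing $Root) and records existence, last-write time, size and SHA-256 for each artifact; the $Artifacts list, the "locked" marker and the CSV name are choices made for this example.

```powershell
# Added example: inventory the forensic artifact locations from the page.
# Registry hives (SAM, SYSTEM, ...) are locked by the kernel on a live host, so
# their content cannot be hashed there, but metadata is still captured.
param([string]$Root = 'C:')

# Artifact list mirrors the page; '*' entries expand per user / per file.
$Artifacts = @(
  "$Root\Windows\System32\config\SAM",
  "$Root\Windows\repair\SAM",
  "$Root\Windows\System32\config\SECURITY",
  "$Root\Windows\System32\config\SOFTWARE",
  "$Root\Windows\System32\config\SYSTEM",
  "$Root\Windows\System32\winevt\Logs\*.evtx",
  "$Root\Windows\Prefetch\*.pf",
  "$Root\Windows\AppCompat\Programs\Amcache.hve",
  "$Root\Users\*\NTUSER.dat",
  "$Root\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\*",
  "$Root\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\*",
  "$Root\Windows\System32\drivers\etc\hosts",
  "$Root\Windows\System32\drivers\etc\networks"
)

$Report = foreach ($Pattern in $Artifacts) {
  # -Force is needed to see hidden/system files such as NTUSER.dat
  $Items = Get-ChildItem -Path $Pattern -File -Force -ErrorAction SilentlyContinue
  if (-not $Items) {
    # Missing artifacts are reported too: a wiped Prefetch folder is a finding.
    [pscustomobject]@{ Path = $Pattern; Exists = $false; LastWriteUtc = $null; Size = $null; SHA256 = 'n/a' }
    continue
  }
  foreach ($Item in $Items) {
    # A hash failure on a hive means "in use by the OS", not a broken file;
    # record it as 'locked' rather than aborting the run.
    try   { $Hash = (Get-FileHash -Path $Item.FullName -Algorithm SHA256 -ErrorAction Stop).Hash }
    catch { $Hash = 'locked' }
    [pscustomobject]@{
      Path         = $Item.FullName
      Exists       = $true
      LastWriteUtc = $Item.LastWriteTimeUtc
      Size         = $Item.Length
      SHA256       = $Hash
    }
  }
}

# Most recently modified first, so fresh startup entries or hosts edits surface at the top.
$Report | Sort-Object LastWriteUtc -Descending | Format-Table -AutoSize
$Report | Export-Csv -Path ".\artifact-triage-$(Get-Date -Format yyyyMMdd-HHmmss).csv" -NoTypeInformation
```

Hashing the hives themselves requires an offline copy (mounted image or a Volume Shadow Copy); the live run is for timestamps and the startup/hosts content checks.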