Add Windows forensic artifact collection toolkit

Add PowerShell scripts for collecting forensic artifacts:
- USB/storage devices, mounted drives, portable devices
- Network history and hotspot connections
- Recent documents (OpenSavePidlMRU with PIDL parsing)
- System info and user enumeration with multiple output modes

Includes TODO.md for planned artifacts and updated README.

windows/Get-MountedDevices.ps1

@@ -0,0 +1,16 @@
+# Get-MountedDevices.ps1
+# Lists mounted devices and drive letter mappings
+
+Write-Host "=== Mounted Devices ===" -ForegroundColor Cyan
+Write-Host "HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices"
+
+try {
+    $mounted = Get-ItemProperty -Path "HKLM:\SYSTEM\MountedDevices" -ErrorAction SilentlyContinue
+    if ($mounted) {
+        $mounted.PSObject.Properties | Where-Object { $_.Name -notmatch "^PS" } | ForEach-Object {
+            Write-Host "$($_.Name)" -ForegroundColor Yellow
+        }
+    }
+} catch {
+    Write-Host "Error: $_" -ForegroundColor Red
+}