- Add -Clear flag to clear all hotspot artifacts (event logs + ARP cache)
- Add -ClearHotspot flag to clear WLAN-AutoConfig event logs only
- Add -ClearArp flag to clear ARP cache only
- Display additional manual clear commands with warnings for broader-impact logs
Extract Windows Search queries, typed paths, and Run dialog history
from registry (WordWheelQuery, TypedPaths, RunMRU).
Includes warnings about Windows 11 limitations - modern search without
Microsoft account doesn't persist history due to cloud-first design.
Update TODO.md.
Add fastfetch-inspired system information tool with Windows 11
ASCII logo. Shows user, OS, hardware, memory, disk, uptime with
pretty ANSI colors. Supports -Logo small for compact output.
Uses dynamic padding for proper alignment and WMI/CIM for
hardware detection.
Collect Jump List artifacts showing recent files per application.
Includes smart app detection via content scanning, LNK file
enumeration with target extraction, and both automatic/custom
destinations. Supports -ShowAll and -MaxPerApp parameters.
Mark Jump Lists complete in TODO.md.
Collect SSH forensic data: known hosts with counts, SSH config,
keys, authorized_keys, PuTTY sessions, and server logs.
Update TODO.md with completed scripts.
Add PowerShell scripts for collecting forensic artifacts:
- USB/storage devices, mounted drives, portable devices
- Network history and hotspot connections
- Recent documents (OpenSavePidlMRU with PIDL parsing)
- System info and user enumeration with multiple output modes
Includes TODO.md for planned artifacts and updated README.
