It is a good skill to learn some scripting and programming languages to speed up your digital forensics work and investigations.
I know there are tools available out there to help you. However, you need to go deep, under the hood, to understand what is going on.
You can start with Python if you like :)
http://www.python.org
A pure Python interface to parsing and reading Windows Registry files:
http://www.williballenthin.com/registry
python-registry was originally written by
Willi Ballenthin
or VBScript:
http://msdn.microsoft.com/en-us/library/t0aew7h6%28v=VS.85%29.aspx
Friday, October 28, 2011
Investigating and validating email address sources
The links below will teach you how to trace an email address source from the most popular email service providers and applications:
http://www.onimoto.com/cache/50.html
http://www.visualware.com/resources/tutorials/email.html
http://www.howtogeek.com/108205/htg-explains-what-can-you-find-in-an-email-header/
Validating the email address source:
http://centralops.net/co/EmailDossier.aspx
Free online e-mail header tracking:
http://www.ip-address.org/tracker/trace-email.php
http://www.traceemail.com/trace-email-header.html
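The online trackers above read the Received headers for you. As an added example (not from any of the linked sites), here is a small Python parser that does the same thing offline on a constructed header block, listing the hops oldest-first and checking that their timestamps are consistent; hostnames and IPs in the sample are made up.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample (not a real message). Each server prepends its own
# Received line, so the newest hop is at the top and the origin is at the bottom.
RAW_HEADERS = """\
Received: from mx2.example.net (mx2.example.net [203.0.113.10])
        by inbox.example.org with ESMTPS id abc123;
        Fri, 28 Oct 2011 10:02:15 +0000
Received: from relay.example.net ([198.51.100.7])
        by mx2.example.net with ESMTP;
        Fri, 28 Oct 2011 10:02:10 +0000
Received: from user-pc (unknown [192.0.2.55])
        by relay.example.net with ESMTPA;
        Fri, 28 Oct 2011 10:02:01 +0000
From: sender@example.net
To: analyst@example.org
Subject: test

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
HOP_RE = re.compile(r"from (\S+)(?: \(([^)]*)\))? by (\S+)")

def trace_received(raw):
    """Return hops oldest-first as dicts with from/ip/by/time keys."""
    msg = message_from_string(raw)
    hops = []
    for hdr in msg.get_all("Received", []):
        flat = " ".join(hdr.split())            # unfold continuation lines
        m = HOP_RE.match(flat)
        if not m:
            continue                            # skip non-standard lines
        ip = IP_RE.search(m.group(2) or "")
        ts = parsedate_to_datetime(flat.rsplit(";", 1)[1].strip())
        hops.append({"from": m.group(1), "ip": ip.group(1) if ip else None,
                     "by": m.group(3), "time": ts})
    return list(reversed(hops))                 # origin first

def origin_ip(raw):
    """IP recorded in the oldest hop. Only the hop added by your own server is
    trustworthy; earlier Received lines can be forged by the sender."""
    hops = trace_received(raw)
    return hops[0]["ip"] if hops else None

def timestamps_consistent(hops):
    """True when each hop's time is not earlier than the previous hop's."""
    return all(a["time"] <= b["time"] for a, b in zip(hops, hops[1:]))
```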
Tuesday, October 25, 2011
PST File Processing
Remember that before you process PST files, make sure that none of them is password protected. Otherwise you will miss important data.
One nice free tool to recover the password:
http://www.nirsoft.net/utils/pst_password.html
How is the password saved in the PST file?
http://www.nirsoft.net/articles/pst_password_bug.html
Detecting a Password Protected PST:
http://blogs.msdn.com/b/stephen_griffin/archive/2009/02/17/detecting-a-password-protected-pst.aspx
Outlook Personal Folders (.pst) File Format:
http://msdn.microsoft.com/en-us/library/ff385210%28v=office.12%29.aspx
"4.2 Strength of PST Password
The PST Password, which is stored as a property value in the Message store, is a superficial mechanism that requires the client implementation to enforce the stored password. Because the password itself is not used as a key to the encoding and decoding cipher algorithms, it does not provide any security benefit to preventing the PST data to be read by unauthorized parties.
Moreover, the password is stored as a CRC-32 hash of the original password string, which is prone to collisions and is relatively weak against a brute-force approach."
Wednesday, October 19, 2011
Tracing MAC Address Manufacturer
You only need to enter the first six hexadecimal digits of any MAC address to get the manufacturer. Most of the common formats are supported: 00e0cf, 00:e0:cf, 00e0.cfe2.acd1, 00-e0-cf or 00 E0 CF would all be interpreted as 00e0cf.
http://curreedy.com/stu/nic/
http://www.coffer.com/mac_find/
https://db.uga.edu/network/public/vendorcode.cgi
Monday, October 17, 2011
Windows Event Logs Location
Where to find the event logs:
Windows OS version: NT/ Win2000/ XP/ Server 2003
Filetype: *.evt
Folder: %SystemRoot%\System32\config
Filename: SecEvent.evt, AppEvent.evt, SysEvent.evt
Windows OS version: Vista/ Win7 / Win8 / 2008/ 2012/ Win10/ 2016
Filetype: *.evtx
Folder: %SystemRoot%\System32\winevt\logs\
Filename: Security.evtx, Application.evtx, System.evtx
Windows 7 Computer Forensics
Here are some nice links to learn about Windows 7 forensics. Enjoy :)!
http://computer-forensics.sans.org/blog/2009/10/27/windows-7-computer-forensics
http://computer-forensics.sans.org/blog/2011/07/05/shellbags
http://computer-forensics.sans.org/blog/2009/09/09/computer-forensic-guide-to-profiling-usb-thumbdrives-on-win7-vista-and-xp
Thursday, October 13, 2011
Investigate domains and IP addresses
Get registrant information, DNS records, Whois and more:
http://www.domaintools.com/
http://centralops.net/co/
http://www.geobytes.com/IpLocator.htm