Arslan Tariq Syed


The increasing sophistication of modern cyber threats, particularly file-less malware relying on "living off the land" techniques, poses significant challenges to traditional detection mechanisms. Memory forensics has emerged as a critical approach to detecting such threats by analysing dynamic changes in system memory. This research introduces SPECTRE (Snapshot Processing, Emulation, Comparison, and Threat Reporting Engine), a modular cyber incident response system designed to enhance threat detection, investigation, and visualization. By adopting Volatility's JSON format as an intermediate output, SPECTRE ensures compatibility with widely used Digital Forensics and Incident Response (DFIR) tools, minimizing manual data transformations and enabling seamless integration into established workflows. Its emulation capabilities safely replicate realistic attack scenarios, such as credential dumping and malicious process injection, for controlled experimentation and validation. The anomaly detection module addresses critical attack vectors, including RunDLL32 abuse and malicious IP detection, while the IP forensics module enhances threat intelligence by integrating tools such as VirusTotal and geolocation APIs. SPECTRE's advanced visualization techniques transform raw memory data into actionable insights, aiding Red, Blue, and Purple teams in refining their strategies and responding more effectively to emerging threats. Bridging the gap between memory and network forensics, SPECTRE offers a scalable, robust platform for advancing threat detection, team training, and forensic research in combating sophisticated cyber threats.
Windows represents the most common platform found in seized computers due to its widespread presence. This disparity has become worse due to the introduction of Microsoft's Windows. Post-cyber-incident analysis of Microsoft Windows machines has become increasingly challenging due to the ever-evolving nature of digital threats. Traditional digital forensics methods often struggle to keep pace with the volume, sophistication, and complexity of modern cybercrime activities, which either target or originate from Windows machines. In response to these challenges, this research introduces WinRegRL, a framework that combines Reinforcement Learning (RL) and Rule-Based Artificial Intelligence (RB-AI) to enhance the efficiency, effectiveness and accuracy of digital investigations in the context of Windows Operating Systems. WinRegRL fully captures key information, elaborates the Markov Decision Process (MDP) environment, solves the RL problem and extracts expertise for later use. Implementation and testing of WinRegRL validated the research hypothesis by enabling optimised analysis and correlation of Registry forensics. Results show that the proposed RL model outperforms all previous approaches, including blind automation and human expert performance, in terms of time, the number of artefacts explored, and the accuracy of results. Another advantage of the proposed framework is the ease of repetition, especially where more than one machine of the same configuration is under investigation, a situation often faced in real DFIR practice.