# Page Not Found

The URL `dfir/windows-forensics/evidence-of-execution` does not exist.

You might be looking for one of these pages:
- [Evidence Collection](https://rootguard.gitbook.io/cyberops/defensive-security/dfir/initial-triage-and-response/evidence-collection.md)
- [Evidence of Execution Forensics – SOCb Analyst Cheatsheet](https://rootguard.gitbook.io/cyberops/defensive-security/dfir/initial-triage-and-response/evidence-of-execution-forensics-socb-analyst-cheatsheet.md)
- [Enhanced Windows Event Log Investigation Guide](https://rootguard.gitbook.io/cyberops/defensive-security/dfir/window-forensics/enhanced-windows-event-log-investigation-guide.md)
- [File and Folder Access Investigation Guide](https://rootguard.gitbook.io/cyberops/defensive-security/dfir/window-forensics/file-and-folder-access-investigation-guide.md)
- [Program Execution Artifacts Investigation Guide](https://rootguard.gitbook.io/cyberops/defensive-security/dfir/window-forensics/program-execution-artifacts-investigation-guide.md)

## How to find the correct page

1. **Browse the full index**: [/sitemap.md](https://rootguard.gitbook.io/cyberops/sitemap.md) - Complete documentation index
2. **View the full content**: [/llms-full.txt](https://rootguard.gitbook.io/cyberops/llms-full.txt) - Full content export

## Tips for requesting documentation

- For markdown responses, append `.md` to URLs (e.g., `/cyberops/defensive-security/dfir/initial-triage-and-response/evidence-collection.md`)
- Use `Accept: text/markdown` header for content negotiation