Cosimo Vergari
Forensic Analysis of Malware: Identification of Indicators of Compromise and Automation of the Investigative Process in Windows and Linux Environments.
Supervisor: Andrea Atzeni. Politecnico di Torino, Master of Science program in Cybersecurity, 2025
PDF (Tesi_di_laurea) - Thesis. Licence: Creative Commons Attribution Non-commercial No Derivatives. Download (3MB)
Archive (ZIP) (Documenti_allegati) - Other. Licence: Creative Commons Attribution Non-commercial No Derivatives. Download (65kB)
Abstract
Digital forensic analysis is fundamental for understanding malware attacks and reconstructing the actions attackers took to compromise information systems. Modern malware frequently employs sophisticated persistence and evasion techniques that nevertheless leave behind evidence, known as Indicators of Compromise (IoCs), in disk, memory, and network artifacts. Identifying such IoCs is of prime importance for post-mortem analysis, enabling analysts to infer attacker actions and their impact on the system. Nonetheless, the volume and intricacy of forensic data pose significant problems, rendering the process laborious and prone to oversights. This thesis examines the identification of IoCs in Windows and Linux environments and explores the combination of automation and AI to assist forensic workflows.
The study focuses on three main areas: file system and disk artifacts, memory dumps, and network traffic