Volatile Information can disappear or be easily modified. It retains its contents while powered on but when the power is interrupted the stored data is immediately lost.
I mentioned below few ways to get the volatile Information from windows.
1.To get history of commands used on the computer.
DOSKEY is a utility for DOS and Microsoft Windows that adds command history.
2. To get the current uptime and system events and statistics of the local or remote system.
If I use windows built-in Uptime.exe utility crashes with error message “Calculates system uptime and availability has stopped working” when I use with “/S” option. The /S option of uptime.exe gives the historical information about computer startup and shutdown times. This information is very useful to understand how many times a computer rebooted.
To overcome from the above error , use another utility called Uptime2.exe, you can download this from here.
Note: These volatile information will assist the investigator in forensic investigation.