top of page
Search

Windows 11 Storage Crisis Investigation

  • fabztechtips
  • Jun 22
  • 3 min read

Introduction

As part of my ongoing home lab activities, I recently simulated a Windows 11 storage incident to practice desktop support troubleshooting, root cause analysis, and preventative maintenance.


The objective was to investigate a workstation experiencing severe performance degradation due to low disk space, identify the root cause using TreeSize Free, remediate the issue, and implement a long-term solution to prevent the problem from reoccurring.

Incident Overview

A user reported that their Windows 11 workstation had become increasingly slow over time. Applications were taking significantly longer to launch, Outlook was experiencing synchronization issues, and Windows Updates were failing to install.

In addition, the user reported receiving frequent low disk space warnings.

After reviewing the incident ticket, I began investigating the issue.

Verifying the Problem

The first step was to confirm the symptoms reported by the user.

Opening This PC immediately revealed that the C: drive was critically low on available storage. The drive indicator had turned red, confirming that the workstation was suffering from severe storage exhaustion.

At this stage, the source of the storage consumption was unknown.



Why I Chose TreeSize Free

Windows provides built-in storage tools through Storage Settings and Storage Sense. While these tools are useful for general storage management, they do not provide the level of detail required for a thorough incident investigation.

For this scenario, I needed to:

  • Identify the exact location of the storage consumption

  • Drill into nested folder structures

  • Sort files by size

  • Determine the root cause rather than simply remove temporary files

TreeSize Free was therefore selected as the primary investigation tool.

Investigating Disk Usage

TreeSize Free was installed and launched with administrative privileges before performing a full scan of the C: drive.

The scan quickly highlighted a single folder that was consuming the majority of available disk space.



Further investigation revealed that the primary offender was the following directory:

C:\Logs

This folder alone accounted for a significant percentage of total disk usage.



Drilling Down into the Logs Directory

Expanding the Logs directory revealed multiple oversized application log files spread across several subfolders.


TreeSize made it possible to sort files by size and quickly identify the largest consumers of storage.


Examples included:

  • Chrome Debug Logs

  • Photoshop Rendering Logs

  • Outlook Synchronisation Logs

  • Teams Meeting Diagnostics Logs

  • OneDrive Synchronisation Logs

  • Windows Update Debug Logs

  • Antivirus Scan Logs

  • Application Crash Logs

Several individual files exceeded multiple gigabytes in size.



Root Cause Analysis

After reviewing the contents of the Logs directory, it became clear that excessive application logging was responsible for the storage exhaustion.

Multiple applications had generated large diagnostic and debugging logs over an extended period. Because no retention policy existed, the files continued growing unchecked until they consumed the majority of the available disk space.

This uncontrolled growth eventually impacted overall system performance and triggered the symptoms reported by the user.


Remediation

With the source identified, the oversized log files were removed from the system.

A follow-up TreeSize scan confirmed that the excessive storage consumption had been eliminated and that the Logs directory was no longer impacting overall disk capacity.

Available free space increased significantly following the cleanup.



Implementing a Preventative Solution

Resolving the immediate issue was only part of the investigation. To prevent the problem from returning, I implemented an automated log retention process using PowerShell and Windows Task Scheduler.


The solution automatically identifies log files bigger then 5 gigabytes, compresses them into an archive, and removes the original files. This approach preserves historical troubleshooting data while preventing uncontrolled storage growth.

The retention script was configured to execute daily through Task Scheduler, ensuring that log management occurs automatically without requiring manual intervention.



Results

Following remediation and implementation of the retention process:

  • Disk space was successfully recovered

  • System performance improved

  • The root cause was identified and documented

  • Historical logs could still be retained through compression and archiving

  • The risk of future storage exhaustion was significantly reduced

The incident was then formally closed.



Conclusion

This exercise provided valuable experience in desktop support troubleshooting and reinforced the importance of root cause analysis when responding to incidents.

Rather than relying solely on Windows Storage Sense, TreeSize Free enabled a detailed investigation that quickly identified the exact source of the storage consumption. By combining targeted remediation with an automated retention policy, the issue was resolved while also reducing the likelihood of recurrence.


The project also demonstrated practical skills in Windows administration, storage analysis, PowerShell automation, Task Scheduler configuration, and incident documentation—all of which are relevant to real-world desktop support and systems administration roles.

 
 
 

Comments


©2023 by FabzTechTips

bottom of page