Windows 11 Storage Crisis Investigation
- fabztechtips
- Jun 22
- 3 min read
Introduction
As part of my ongoing home lab activities, I recently simulated a Windows 11 storage incident to practice desktop support troubleshooting, root cause analysis, and preventative maintenance.
The objective was to investigate a workstation experiencing severe performance degradation due to low disk space, identify the root cause using TreeSize Free, remediate the issue, and implement a long-term solution to prevent the problem from reoccurring.
Incident Overview
A user reported that their Windows 11 workstation had become increasingly slow over time. Applications were taking significantly longer to launch, Outlook was experiencing synchronization issues, and Windows Updates were failing to install.
In addition, the user reported receiving frequent low disk space warnings.
After reviewing the incident ticket, I began investigating the issue.

Verifying the Problem
The first step was to confirm the symptoms reported by the user.
Opening This PC immediately revealed that the C: drive was critically low on available storage. The drive indicator had turned red, confirming that the workstation was suffering from severe storage exhaustion.
At this stage, the source of the storage consumption was unknown.

Why I Chose TreeSize Free
Windows provides built-in storage tools through Storage Settings and Storage Sense. While these tools are useful for general storage management, they do not provide the level of detail required for a thorough incident investigation.
For this scenario, I needed to:
Identify the exact location of the storage consumption
Drill into nested folder structures
Sort files by size
Determine the root cause rather than simply remove temporary files
TreeSize Free was therefore selected as the primary investigation tool.
Investigating Disk Usage
TreeSize Free was installed and launched with administrative privileges before performing a full scan of the C: drive.
The scan quickly highlighted a single folder that was consuming the majority of available disk space.

Further investigation revealed that the primary offender was the following directory:
C:\LogsThis folder alone accounted for a significant percentage of total disk usage.
Drilling Down into the Logs Directory
Expanding the Logs directory revealed multiple oversized application log files spread across several subfolders.
TreeSize made it possible to sort files by size and quickly identify the largest consumers of storage.
Examples included:
Chrome Debug Logs
Photoshop Rendering Logs
Outlook Synchronisation Logs
Teams Meeting Diagnostics Logs
OneDrive Synchronisation Logs
Windows Update Debug Logs
Antivirus Scan Logs
Application Crash Logs
Several individual files exceeded multiple gigabytes in size.

Root Cause Analysis
After reviewing the contents of the Logs directory, it became clear that excessive application logging was responsible for the storage exhaustion.
Multiple applications had generated large diagnostic and debugging logs over an extended period. Because no retention policy existed, the files continued growing unchecked until they consumed the majority of the available disk space.
This uncontrolled growth eventually impacted overall system performance and triggered the symptoms reported by the user.
Remediation
With the source identified, the oversized log files were removed from the system.
A follow-up TreeSize scan confirmed that the excessive storage consumption had been eliminated and that the Logs directory was no longer impacting overall disk capacity.
Available free space increased significantly following the cleanup.


Implementing a Preventative Solution
Resolving the immediate issue was only part of the investigation. To prevent the problem from returning, I implemented an automated log retention process using PowerShell and Windows Task Scheduler.
The solution automatically identifies log files bigger then 5 gigabytes, compresses them into an archive, and removes the original files. This approach preserves historical troubleshooting data while preventing uncontrolled storage growth.
The retention script was configured to execute daily through Task Scheduler, ensuring that log management occurs automatically without requiring manual intervention.




Results
Following remediation and implementation of the retention process:
Disk space was successfully recovered
System performance improved
The root cause was identified and documented
Historical logs could still be retained through compression and archiving
The risk of future storage exhaustion was significantly reduced
The incident was then formally closed.

Conclusion
This exercise provided valuable experience in desktop support troubleshooting and reinforced the importance of root cause analysis when responding to incidents.
Rather than relying solely on Windows Storage Sense, TreeSize Free enabled a detailed investigation that quickly identified the exact source of the storage consumption. By combining targeted remediation with an automated retention policy, the issue was resolved while also reducing the likelihood of recurrence.
The project also demonstrated practical skills in Windows administration, storage analysis, PowerShell automation, Task Scheduler configuration, and incident documentation—all of which are relevant to real-world desktop support and systems administration roles.



Comments