Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from Windows Forensics Cookbook Over 60 practical recipes to acquire memory data and analyze systems with the latest Windows forensic tools

Product type Paperback

Published in Aug 2017

Publisher

ISBN-13 9781784390495

Length 274 pages

Edition 1st Edition

Tools

Windows OS

Concepts

Forensics

Authors (2):

Oleg Skulkin

Scar de Courcier

View More author details

Table of Contents (13) Chapters

Preface

1. Digital Forensics and Evidence Acquisition FREE CHAPTER

2. Windows Memory Acquisition and Analysis

3. Windows Drive Acquisition

4. Windows File System Analysis

5. Windows Shadow Copies Analysis

6. Windows Registry Analysis

7. Main Windows Operating System Artifacts

8. Web Browser Forensics

9. Email and Instant Messaging Forensics

10. Windows 10 Forensics

11. Data Visualization

12. Troubleshooting in Windows Forensic Analysis

Introduction

Some features of Windows operating systems produce a great number of valuable artifacts that can be further used as pieces of digital evidence. The most common sources of such artifacts are the Recycle Bin, Windows Event Logs, LNK files, and Prefetch files.

The Recycle Bin contains files and folders that have been deleted by the user via the right-click menu. In fact, these files are not deleted from the file system, but only moved from their original location into the Recycle Bin. There are two formats of the Recycle Bin: the Recycler format (Windows 2000, XP) - files are stored under C:\Recycler\%SID%\ and their metadata is stored in the INFO2 file; and the $Recycle.Bin format - files are stored under C:\$Recycle.Bin\%SID%\ in $R file, and their metadata is stored in $I files.

As you can guess from the name, Windows Event Logs collect information about different...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at AU $24.99/month. Cancel anytime

Authors (2)

de Courcier

Scar de Courcier is Senior Editor at digital forensics website Forensic Focus. She also works as an independent consultant on online and offline child protection projects. In her spare time, she enjoys swimming, pretending she lives on the USS Voyager, and hanging out with her cat.

See other products by de Courcier

Oleg Skulkin

Oleg Skulkin is the Head of Digital Forensics and Malware Analysis Laboratory at Group-IB. Oleg has worked in the fields of digital forensics, incident response, and cyber threat intelligence and research for over a decade, fueling his passion for uncovering new techniques used by hidden adversaries. Oleg has authored and co-authored multiple blog posts, papers, and books on related topics and holds GCFA and GCTI certifications.

See other products by Oleg Skulkin