Conventions used
There are a number of text conventions used throughout this book.
Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: “We discussed NTUSER.DAT, which is a registry hive containing information about user activity, including the execution of programs and the use of various applications.”
A block of code is set as follows:
kape.exe --tsource C:\ --tdest C:\KAPE\output\ --target !BasicCollection,Symantec_AV_Logs,Chrome,ChromeExtensions,Edge,Firefox,InternetExplorer,WebBrowsers,ApacheAccessLog,$Boot,$J,$LogFile,$MFT,Amcache,ApplicationEvents,EventLogs,EventLogs-RDP,EventTraceLogs,EvidenceOfExecution,FileSystem,MOF,Prefetch,RDPCache,RDPLogs,RecentFileCache,Recycle,RecycleBin,RecycleBinContent,RecycleBinMetadata,RegistryHives,RegistryHivesSystem,RegistryHivesUser,ScheduledTasks,SRUM
Any command-line input or output is written as follows:
PECmd.exe -d C:\Windows\Prefetch --csv C:\temp --csvf Prefetch.csv
Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: “What we notice here is that the Values tab holds data encoded in ROT-13. By clicking on the UserAssist tab, we can get the same details in human-readable format; you can also use decoding tools to decode the value as needed if that is required.”
Tips or important notes
Appear like this.