Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Windows Forensics Analyst Field Guide

You're reading from   Windows Forensics Analyst Field Guide Engage in proactive cyber defense using digital forensics techniques

Arrow left icon
Product type Paperback
Published in Oct 2023
Publisher Packt
ISBN-13 9781803248479
Length 318 pages
Edition 1st Edition
Concepts
Arrow right icon
Author (1):
Arrow left icon
Muhiballah Mohammed Muhiballah Mohammed
Author Profile Icon Muhiballah Mohammed
Muhiballah Mohammed
Arrow right icon
View More author details
Toc

Table of Contents (14) Chapters Close

Preface 1. Part 1:Windows OS Forensics and Lab Preparation
2. Chapter 1: Introducing the Windows OS and Filesystems and Getting Prepared for the Labs FREE CHAPTER 3. Chapter 2: Evidence Acquisition 4. Chapter 3: Memory Forensics for the Windows OS 5. Chapter 4: The Windows Registry 6. Chapter 5: User Profiling Using the Windows Registry 7. Part 2:Windows OS Additional Artifacts
8. Chapter 6: Application Execution Artifacts 9. Chapter 7: Forensic Analysis of USB Artifacts 10. Chapter 8: Forensic Analysis of Browser Artifacts 11. Chapter 9: Exploring Additional Artifacts 12. Index 13. Other Books You May Enjoy

Conventions used

There are a number of text conventions used throughout this book.

Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: “We discussed NTUSER.DAT, which is a registry hive containing information about user activity, including the execution of programs and the use of various applications.”

A block of code is set as follows:

kape.exe --tsource C:\ --tdest C:\ KAPE\output\ --target !BasicCollection,Symantec_AV_Logs,Chrome,ChromeExtensions,
Edge,Firefox,InternetExplorer,WebBrowsers,ApacheAccessLog,
$Boot,$J,$LogFile,$MFT,Amcache,ApplicationEvents,EventLogs,
EventLogs-RDP,EventTraceLogs,EvidenceOfExecution,FileSystem,
MOF,Prefetch,RDPCache,RDPLogs,RecentFileCache,Recycle,RecycleBin,
RecycleBinContent,RecycleBinMetadata,RegistryHives,
RegistryHivesSystem,RegistryHivesUser,ScheduledTasks,SRUM

Any command-line input or output is written as follows:

PECmd.exe  -d C:\Windows\Prefetch --csv C:\temp --csvf Prefetch.csv

Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: “What we notice here is that the Values tab holds data encoded in ROT-13. By clicking on the UserAssist tab, we can get the same details in human-readable format; you can also use decoding tools to decode the value as needed if that is required.”

Tips or important notes

Appear like this.

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at €18.99/month. Cancel anytime