Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from Windows Forensics Cookbook Over 60 practical recipes to acquire memory data and analyze systems with the latest Windows forensic tools

Product type Paperback

Published in Aug 2017

Publisher

ISBN-13 9781784390495

Length 274 pages

Edition 1st Edition

Tools

Windows OS

Concepts

Forensics

Authors (2):

Oleg Skulkin

Scar de Courcier

View More author details

Table of Contents (13) Chapters

Preface

1. Digital Forensics and Evidence Acquisition FREE CHAPTER

2. Windows Memory Acquisition and Analysis

3. Windows Drive Acquisition

4. Windows File System Analysis

5. Windows Shadow Copies Analysis

6. Windows Registry Analysis

7. Main Windows Operating System Artifacts

8. Web Browser Forensics

9. Email and Instant Messaging Forensics

10. Windows 10 Forensics

11. Data Visualization

12. Troubleshooting in Windows Forensic Analysis

Introduction

As mentioned in the introductory section, Windows machines run on NTFS (New Technology File System).

Using the tools that we will discuss in this chapter, you will be able to uncover information not only about the files, but also about the layout of the disk itself, including deleted files and unallocated space. This can be of the utmost importance in a forensic investigation, particularly in cases where a user may have tried to cover up their actions using anti-forensic methods.

Some tools allow you to undelete files as well, thus restoring them, in whole or in part, to how they looked before they were deleted. This does, of course, depend on the extent to which a file has been overwritten, however it can be a useful way to find out about things a suspect doesn't want you to see.

In cases where the metadata about the files has been deleted, file carving is employed...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (2)

de Courcier

Scar de Courcier is Senior Editor at digital forensics website Forensic Focus. She also works as an independent consultant on online and offline child protection projects. In her spare time, she enjoys swimming, pretending she lives on the USS Voyager, and hanging out with her cat.

See other products by de Courcier

Oleg Skulkin

Oleg Skulkin is the Head of Digital Forensics and Malware Analysis Laboratory at Group-IB. Oleg has worked in the fields of digital forensics, incident response, and cyber threat intelligence and research for over a decade, fueling his passion for uncovering new techniques used by hidden adversaries. Oleg has authored and co-authored multiple blog posts, papers, and books on related topics and holds GCFA and GCTI certifications.

See other products by Oleg Skulkin