The book details practical forensic approaches and explains techniques in a simple manner. The content is organized in a way that allows a user who only has basic computer skills to examine a device and extract the required data. A Windows computer would be helpful to successfully repeat the methods defined in this book. Where possible, methods for all computer platforms are provided.

We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: http://www.packtpub.com/sites/default/files/downloads/9781789344523_ColorImages.pdf.

There are a number of text conventions used throughout this book.

CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "We can see that the MDNS protocol communicates over port 5353."

A block of code is set as follows:

#!/usr/bin/env python
# Author: Nipun Jaswal
from prettytable import PrettyTable
import operator
import subprocess

Any command-line input or output is written as follows:

SET global general_log = 1;

Bold: Indicates a new term, an important word, or words that you see on screen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "Similarly, if you need to open a packet-capture file, you can press the
Open button, browse to the capture file, and load it in the Wireshark tool."