Flylib.com
List of Figures
Chapter 3: Windows Forensics Basics
Figure 3-1: Windows client operating system usage
Figure 3-2: Disk platter layout
Figure 3-3: Hard Disk Sector Layout
Chapter 4: Partitions and File Systems
Figure 4-1: Hard disk master boot record
Figure 4-2: FAT partition layout
Figure 4-3: Drive fragmentation
Figure 4-4: MFT standard information for pagefile.sys
Figure 4-5: Compressed and uncompressed file comparison
Figure 4-6: Microsoft Certificates storage location
Chapter 6: The Registry
Figure 6-1: Windows Registry Editor
Figure 6-2: Registry activity viewed with Regmon
Figure 6-3: Windows Secret Explorer decryption
Figure 6-4: RegShot registry snapshot tool
Figure 6-5: Regmon dynamic analysis
Chapter 8: Live System Analysis
Figure 8-1: Computer Management console
Figure 8-2: Device Manager
Figure 8-3: Indexing Service query results
Figure 8-4: Port scan results
Figure 8-5: Windows Enumeration results
Figure 8-6: Spector Pro keystroke capture
Figure 8-7: Win ARP spoof software
Figure 8-8: FTP packet capture
Figure 8-9: Clipboard contents
Figure 8-10: PuTTY connection to NetCat
Chapter 9: Forensic Duplication
Figure 9-1: Duplication timeframes for 100GB of data
Chapter 10: File System Analysis
Figure 10-1: Google Desktop search results
Figure 10-2: dtSearch output
Figure 10-3: WinHex search for GIF87
Figure 10-4: EnCase Enterprise searching
Figure 10-5: Initial FAT values
Figure 10-6: First data cluster initial values
Figure 10-7: Additional FAT entry for used cluster
Figure 10-8: File name directory entry
Figure 10-9: File contents
Figure 10-10: FAT cluster map after deletion
Figure 10-11: Directory entry after deletion
Figure 10-12: File data after deletion
Figure 10-13: File MFT directory entry
Figure 10-14: File data
Figure 10-15: MFT entry after deletion
Figure 10-16: File $DATA attribute location after deletion
Figure 10-17: FreeUndelete recovery of test.txt
Figure 10-18: Start of the spool file
Figure 10-19: User name in the print file
Figure 10-20: Reconstructed printer file
Figure 10-21: Google Search LNK file properties
Chapter 11: Log File Analysis
Figure 11-1: Virus infection details
Figure 11-2: Sample application log filtering
Figure 11-3: Printing event
Figure 11-4: Browser report showing a Nessus scan
Chapter 12: Internet Usage Analysis
Figure 12-1: Favorites folder contents
Figure 12-2: Properties of a favorite link
Figure 12-3: Malicious Hosts file entry
Figure 12-4: NetAnalysis output
Figure 12-5: Pasco output
Figure 12-6: WinHex view of URL records
Figure 12-7: The http://www.bookmarks.html file viewed as a web page
Figure 12-8: http://www.bookmarks.html in Bookmark Manager
Figure 12-9: The history.dat file viewed with NetAnalysis
Figure 12-10: Firefox disk cache
Figure 12-11: Cookie contents
Chapter 13: Email Investigations
Figure 13-1: Outlook Express Inbox
Figure 13-2: OE Viewer contents of a folder called Test
Figure 13-3: Actual message source
Figure 13-4: Find Message searching in Outlook Express
Figure 13-5: Windows Address Book in Outlook Express
Figure 13-6: Recovered Windows Address Book
Figure 13-7: Outlook Journal features
Figure 13-8: Outlook search for messages to smith@foo.com
Figure 13-9: Notes Access Control List
Figure 13-10: Notes message search
Figure 13-11: Lotus Notes address book
Windows Forensics: The Field Guide for Corporate Computer Investigations
ISBN: 0470038624
EAN: 2147483647
Year: 2006
Pages: 71
Authors:
Chad Steel