Flylib.com
List of Figures
Chapter 3: Windows Forensics Basics
Figure 3-1: Windows client operating system usage
Figure 3-2: Disk platter layout
Figure 3-3: Hard Disk Sector Layout
Chapter 4: Partitions and File Systems
Figure 4-1: Hard disk master boot record
Figure 4-2: FAT partition layout
Figure 4-3: Drive fragmentation
Figure 4-4: MFT standard information for pagefile.sys
Figure 4-5: Compressed and uncompressed file comparison
Figure 4-6: Microsoft Certificates storage location
Chapter 6: The Registry
Figure 6-1: Windows Registry Editor
Figure 6-2: Registry activity viewed with Regmon
Figure 6-3: Windows Secret Explorer decryption
Figure 6-4: RegShot registry snapshot tool
Figure 6-5: Regmon dynamic analysis
Chapter 8: Live System Analysis
Figure 8-1: Computer Management console
Figure 8-2: Device Manager
Figure 8-3: Indexing Service query results
Figure 8-4: Port scan results
Figure 8-5: Windows Enumeration results
Figure 8-6: Spector Pro keystroke capture
Figure 8-7: Win ARP spoof software
Figure 8-8: FTP packet capture
Figure 8-9: Clipboard contents
Figure 8-10: PuTTY connection to NetCat
Chapter 9: Forensic Duplication
Figure 9-1: Duplication timeframes for 100GB of data
Chapter 10: File System Analysis
Figure 10-1: Google Desktop search results
Figure 10-2: dtSearch output
Figure 10-3: WinHex search for GIF87
Figure 10-4: EnCase Enterprise searching
Figure 10-5: Initial FAT values
Figure 10-6: First data cluster initial values
Figure 10-7: Additional FAT entry for used cluster
Figure 10-8: File name directory entry
Figure 10-9: File contents
Figure 10-10: FAT cluster map after deletion
Figure 10-11: Directory entry after deletion
Figure 10-12: File data after deletion
Figure 10-13: File MFT directory entry
Figure 10-14: File data
Figure 10-15: MFT entry after deletion
Figure 10-16: File $DATA attribute location after deletion
Figure 10-17: FreeUndelete recovery of test.txt
Figure 10-18: Start of the spool file
Figure 10-19: User name in the print file
Figure 10-20: Reconstructed printer file
Figure 10-21: Google Search LNK file properties
Chapter 11: Log File Analysis
Figure 11-1: Virus infection details
Figure 11-2: Sample application log filtering
Figure 11-3: Printing event
Figure 11-4: Browser report showing a Nessus scan
Chapter 12: Internet Usage Analysis
Figure 12-1: Favorites folder contents
Figure 12-2: Properties of a favorite link
Figure 12-3: Malicious Hosts file entry
Figure 12-4: NetAnalysis output
Figure 12-5: Pasco output
Figure 12-6: WinHex view of URL records
Figure 12-7: The http://www.bookmarks.html file viewed as a web page
Figure 12-8: http://www.bookmarks.html in Bookmark Manager
Figure 12-9: The history.dat file viewed with NetAnalysis
Figure 12-10: Firefox disk cache
Figure 12-11: Cookie contents
Chapter 13: Email Investigations
Figure 13-1: Outlook Express Inbox
Figure 13-2: OE Viewer contents of a folder called Test
Figure 13-3: Actual message source
Figure 13-4: Find Message searching in Outlook Express
Figure 13-5: Windows Address Book in Outlook Express
Figure 13-6: Recovered Windows Address Book
Figure 13-7: Outlook Journal features
Figure 13-8: Outlook search for messages to smith@foo.com
Figure 13-9: Notes Access Control List
Figure 13-10: Notes message search
Figure 13-11: Lotus Notes address book
Windows Forensics: The Field Guide for Corporate Computer Investigations
ISBN: 0470038624
EAN: 2147483647
Year: 2006
Pages: 71
Authors: Chad Steel