Windows Forensics: The Field Guide for Corporate Computer Investigations
Windows Forensics: The Field Guide for Corporate Computer Investigations
ISBN: 0470038624
EAN: 2147483647
EAN: 2147483647
Year: 2006
Pages: 71
Pages: 71
Authors: Chad Steel
- Windows Forensics: The Field Guide for Corporate Computer Investigations
- Back Cover
- About
- Chapter 1: Windows Forensics
- The Corporate Computer Forensic Analyst
- Windows Forensics
- People, Processes, and Tools
- Computer Forensics: Today and Tomorrow
- Additional Resources
- Chapter 2: Processing the Digital Crime Scene
- Identify the Scene
- Perform Remote Research
- Secure the Crime Scene
- Document the Scene
- Process the Scene for Physical Evidence
- Process the Scene for Electronic Evidence
- Chain of Custody
- Best Evidence
- Working with Law Enforcement
- Additional Resources
- Chapter 3: Windows Forensics Basics
- History and Versions
- Non-Volatile Storage
- Additional Resources
- Chapter 4: Partitions and File Systems
- Windows File Systems
- Additional Resources
- Chapter 5: Directory Structure and Special Files
- Windows 9x
- Additional Resources
- Chapter 6: The Registry
- Registry Basics
- Registry Analysis
- Advanced Registry Analysis
- Additional Resources
- Chapter 7: Forensic Analysis
- Chapter 8: Live System Analysis
- Covert Analysis
- Overt Analysis
- Additional Resources
- Chapter 9: Forensic Duplication
- Hard Disk Duplication
- Log File Duplication
- Additional Resources
- Chapter 10: File System Analysis
- Hash Analysis
- File Recovery
- Special Files
- Additional Resources
- Chapter 11: Log File Analysis
- Internet Logs
- Additional Resources
- Chapter 12: Internet Usage Analysis
- Peer-to-Peer Networking
- Instant Messaging
- Additional Resources
- Chapter 13: Email Investigations
- OutlookOutlook Express
- Lotus Notes
- Additional Resources
- Appendix A: Sample Chain of Custody Form
- Appendix B: Master Boot Record Layout
- Appendix C: Partition Types
- Appendix D: FAT32 Boot Sector Layout
- Appendix E: NTFS Boot Sector Layout
- Appendix F: NTFS Metafiles
- Appendix G: Well-Known SIDs
- List of Figures
- List of Tables
- List of Sidebars
Windows Forensics: The Field Guide for Corporate Computer Investigations
ISBN: 0470038624
EAN: 2147483647
EAN: 2147483647
Year: 2006
Pages: 71
Pages: 71
Authors: Chad Steel