Windows forensics cookbook: 16 recipes to help you analyze Windows systems / Oleg Skulkin and Scar de Courcier
Publication details: Birmingham-Mumbai Packt Publishing c2017
Description: viii, 256 p. ill. 24 cm
ISBN: 9781784390495
- 005.4469 SKU 23
Item type | Current library | Call number | Copy number | Status | Date due | Barcode |
---|---|---|---|---|---|---|
Book Closed Access | Engineering Library | 005.4469 SKU | 1 | Available | | BUML24010364 |
Table of contents
Chapter 1. Digital forensics and evidence acquisition
Introduction
Identifying evidence sources
Ensuring evidence is forensically sound
Writing reports
Digital forensic investigation - an international field
etc
Chapter 2. Windows memory acquisition and analysis
Introduction
Windows memory acquisition with Belkasoft RAM Capturer
Windows memory acquisition with DumpIt
Windows memory image analysis with Volatility
Variations in Windows versions
Chapter 3. Windows drive acquisition
Drive acquisition in E01 format with FTK Imager
Drive acquisition in RAW format with dc3dd
Mounting forensic images with Arsenal Image Mounter
Chapter 4. Windows file system analysis
NTFS analysis with The Sleuth Kit
Undeleting files from NTFS with Autopsy
Undeleting files from ReFS with ReclaiMe File Recovery
File carving with PhotoRec
Chapter 5. Windows shadow copies analysis
Browsing and copying files from VSCs on a live system with ShadowCopyView
Mounting VSCs from disk images with VSSADMIN and MKLINK
Processing and analysing VSC data with Magnet AXIOM
Chapter 6. Windows registry analysis
Extracting and viewing Windows registry files with Magnet AXIOM
Parsing registry files with RegRipper
Recovering deleted registry artifacts with Registry Explorer
Registry analysis with FTK Registry Viewer
Chapter 7. Main Windows operating system artifacts
Recycle bin content analysis with EnCase Forensic
Recycle bin content analysis with Rifiuti2
Recycle bin content analysis with Magnet AXIOM
Event log analysis with FullEventLogView
Event log analysis with Magnet AXIOM
etc
Chapter 8. Web browser forensics
Mozilla Firefox analysis with BlackBag's BlackLight
Google Chrome analysis with Magnet AXIOM
Microsoft Internet Explorer and Microsoft Edge analysis with Belkasoft Evidence Center
Extracting Web browser data from pagefile.sys
Chapter 9. Email and instant messaging forensics
Outlook mailbox parsing with Intella
Thunderbird mailbox parsing with Autopsy
Webmail analysis with Magnet AXIOM
Skype forensics with Belkasoft Evidence Center
Skype forensics with SkypeLogView
Chapter 10. Windows 10 forensics
Parsing Windows 10 Notifications
Cortana forensics
OneDrive forensics
Dropbox forensics
Windows 10 Mail app
Windows 10 Xbox App
Chapter 11. Data Visualization
Data Visualization with FTK
Making a timeline in Autopsy
Chapter 12. Troubleshooting in Windows Forensic Analysis
Troubleshooting in commercial tools
Troubleshooting in free and open source tools
Troubleshooting when processes fail
False positives during data processing with digital forensics software
Taking your first steps in digital forensics
Advanced further reading
Includes Index p. 253-257