CHAPTER 7

Windows Forensics

    After completing this chapter, you should be able to

 

        • Define volatile and nonvolatile information and describe techniques for collecting nonvolatile information, including cache, cookie, and history analysis

        • Discuss various forensic tools and how to search with the Microsoft Event Viewer

        • Explain various processes involved in forensic investigation of a Windows system, such as memory and registry analysis, Internet Explorer cache analysis, cookie analysis, MD5 calculation, Windows file analysis, and metadata investigation

        • Explain how to parse process memory and a memory dump, and how to analyze restore point registry settings

        • Discuss Windows password security issues, ...

Get CHFI Computer Hacking Forensic Investigator Certification All-in-One Exam Guide now with O’Reilly online learning.