Forensic Analysis of Windows Systems

Steve J. Chapin, Syracuse University

Chester J. Maciag, Air Force Research Laboratory

INTRODUCTION

Applications of Digital Forensics

Evidence-Gathering Process

Information of Potential Interest to a First Responder

Overview of the Windows Registry

Windows NTFS File System and Storage

Application-Specific File Types

Application-Level Data Hiding

Windows-Specific Special Files

Logging and Auditing in Windows

Server Logs

Security Logs

System Logs

Preparing the Analysis Toolkit

Tools in Windows

Tools in the NT Resource Kit

Free Tools

Conducting the Investigation

Capturing Volatile System Information

Capturing the File System

Recent System Activity and Configuration

Recent User Activity and Preferences

Investigation Overview

Conclusion

Glossary

Cross References

References

Further Reading

INTRODUCTION

Digital forensics is the science and practice of identifying, preserving, collecting, validating, analyzing, interpreting, documenting, and presenting digital evidence for the purpose of facilitating or furthering event reconstruction (DFRWS, 2004). Although a common goal of digital forensics is the presentation of evidence in a legal proceeding by a forensic practitioner, this chapter focuses on the general principles of digital forensics as used by first responders and system administrators to investigate unauthorized actions that disrupt organizational processes or violate organizational policy.

Forensics is not intrusion detection, although the two ...
