Page numbers followed by f indicate a figure, and those followed by t indicate a table.


AccessData FTK Enterprise, 175f
Active monitoring artifacts, 429, 429f
Active network connections, 15–16
Active system monitoring, 371–379
    CurrProcess, 372
    DirMon, 373
    Explorer Suite/Task Explorer, 372
    File Monitor, 372
    file system monitoring, 372–373, 373f
    MiTec Process Viewer, 372
    process activity monitoring, 371f
    Process Hacker, 372
    ProcessActivityView, 372, 373
    registry monitoring, 372, 374, 374f
    Tiny Watcher, 373
Address Resolution Protocol (ARP), 17
    ARP cache, 17
American Bar Association (ABA), 207
American Recovery and Reinvestment Act (ARRA), 215
American Standard Code for Information Interchange (ASCII), 32, 418
AnalogX ...

Get Malware Forensics Field Guide for Windows Systems now with O’Reilly online learning.
