Begin at the Beginning

Even back in the day of Windows NT, logs were important. This might surprise some of you who have experience with Windows NT, but it is true. The difficulty with logs from that operating system is the way in which they were stored. Logs from the Windows NT era often stored little (but important) bits of information on various computers. Thus, investigations that spanned a large number of nodes across a geographically diverse area were exponentially more difficult. This distributed log storage ended with the introduction of Windows 2000. Not only were Windows 2000 logs more aggregated, but they contained far greater detail. In the investigation of computer intrusions, details are the investigator’s best friend (well, that and ...
