Video description
Files, email messages, and social media posts all contain valuable information for digital forensic investigators searching for evidence of a crime or of an intrusion into a computer system or network, but there is also a wealth of information to be gleaned from the computer's operating system itself. This includes user data, configuration settings, and a substantial trail of user activity. A number of tools are available today to extract and analyze this information.
In this course, designed for entry- to intermediate-level law enforcement and corporate investigators, you'll learn how to use readily available open source tools to find valuable information in the Windows Registry. You'll also see how to configure and use logging with the Windows Event Log and Linux Syslog, and how to examine those logs for traces of suspicious or unauthorized activity. Finally, you'll look at the techniques investigators use to handle and process this information so that it can support a forensic examination.
Table of contents
- Introduction
- Windows Analysis
- Windows Registry
- Registry Hives
- Using regshot
- Using regripper to extract information
- Reading regripper output
- SysInternals Tools
- Network Connections with TCPView
- Process Information with ProcExp
- Windows Event Viewer
- Windows Event Logs
- Windows Auditing
- Home Directories
- User Specific Settings
- Process Listings
- Identifying Permissions
- Linux Analysis
- Conclusion
Product information
- Title: Operating System Forensic Analysis
- Author(s):
- Release date: December 2017
- Publisher(s): O'Reilly Media, Inc.
- ISBN: 9781492029199