Skip to Main Content
The Basics of Digital Forensics, 2nd Edition
book

The Basics of Digital Forensics, 2nd Edition

by John Sammons
December 2014
Beginner content levelBeginner
200 pages
6h 8m
English
Syngress
Content preview from The Basics of Digital Forensics, 2nd Edition
Chapter 5

Windows system artifacts

Abstract

Microsoft Windows is the most widely used operating system in the world. Thus, digital forensic examiners must have an understanding of how artifacts are created in Windows and how they can be used to track a user’s activity. This chapter covers deleted data and artifacts such as restore points, metadata, the Recycle Bin, and more.

Keywords

Deleted Data
Hiberfile.sys
Registry
Print Spooling
Recycle Bin
Metadata
Thumbnail Cache
Most Recently Used (MRU)
Restore Points (RPs)
Shadow Copies

“You see, but you do not observe. The distinction is clear.”

—Sherlock Holmes in A Scandal in Bohemia

Information in this chapter
Finding Deleted Data
Hibernation Files
Examining the Windows Registry
Print ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Digital Evidence and Computer Crime, 3rd Edition

Digital Evidence and Computer Crime, 3rd Edition

Eoghan Casey
Practical Mobile Forensics - Fourth Edition

Practical Mobile Forensics - Fourth Edition

Rohit Tamma, Oleg Skulkin, Heather Mahalik, Satish Bommisetty

Publisher Resources

ISBN: 9780128016350