
Note: Page numbers followed by “f” and “b” refer to figures and boxes, respectively.


Acceptable use policies (AUPs), 254
Access control list (ACL), 127
Acme Consulting, 286, 288
ACMru key, 5, 151
Acquired images, 233–235
ASCII timelines, 212–213
Event Log file extraction, 87
historical Registry data, 152
installed AV applications, 186
malware detection, 182
multiple antivirus scans, 189–192
timeline analysis, 220, 247
timeline creation, 227
timeline creation on XP, 233–235
VSCs, 66b, 68b
batch files, 70
diskpart command, 64b
FTK Imager, 59f
image file formats, 73b
LiveView, 60b
overview, 59–73
ProDiscover, 71–73, 71f, 72f, 72f
ProDiscover BE, 66
VHD method, 61–65, 62f
VMDKs and SIFT, 68
VMWare method, 65–68, 67f
Acquisition process
