OLE structured storage, Registry as log file, 124
OpenOffice, 19, 245
  for case notes, 281
OpenSaveMRU key, user hives, 150–151
OpenSavePidMRU key, user hives, 150–151
Open-source tools (general) See also specific tools
  analysis system set-up, 24
  convergence, 19–20
  pre-infection intelligence collection, 173–174
  suggested reading, 24
  timeline creation, 225–226
Operational logs
  characteristics, 91
  WLAN-AutoConfig example, 92f
Oracle, VirtualBox, 61
Order of volatility, definition, 11
OSession.evt, timeline creation on XP, 233–234


Packed, malware detection, 193–195
Packed files
  malware detection, 193–195
  PEiD example, 193–194
Packet sniffers, incident response data ...

Get Windows Forensic Analysis Toolkit, 4th Edition now with O’Reilly online learning.