Chapter 2. Live Response: Data Analysis

Solutions in this chapter:

▪ Data Analysis
▪ Summary
▪ Solutions Fast Track
▪ Frequently Asked Questions

Introduction

Now that you've collected volatile data from a system, the question becomes “How do I ‘hear’ what it has to say?” or “How do I figure out what the data is telling me?” Once you've collected a process listing, how do you determine which process, if any, is malware? How do you tell whether someone has compromised the system and is currently accessing it? Finally, how can you use the volatile data you've collected to build a better picture of activity on the system, particularly as you acquire an image and perform postmortem analysis?
The purpose of this chapter is to address these sorts of questions. What ...
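One concrete way to start "hearing" what volatile data says is to correlate the collected artifacts with each other by PID, so that a process listing and a `netstat -ano` capture become one picture rather than two lists. The script below is an added illustration, not code from the book; the process listing and netstat lines are constructed samples in the tools' column layout, and the "outside the Windows directory" rule is a triage heuristic of my own, not proof that a process is malware.

```python
"""Correlate a process listing with `netstat -ano` output by PID (added example)."""
from collections import defaultdict

# Constructed sample: image name, PID, full image path, as a collection
# script might record them. Not a capture from a real system.
PROCESS_LISTING = """\
svchost.exe 948 C:\\Windows\\System32\\svchost.exe
explorer.exe 1684 C:\\Windows\\explorer.exe
svchost.exe 2212 C:\\Users\\Public\\svchost.exe
"""

# Constructed sample in the layout of `netstat -ano` (Proto, Local, Foreign, State, PID).
# Addresses are RFC 5737 documentation ranges.
NETSTAT_OUTPUT = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       948
  TCP    192.0.2.10:49731       198.51.100.7:443       ESTABLISHED     2212
  UDP    0.0.0.0:5355           *:*                                    1684
"""

def parse_processes(text):
    """Map PID -> (image name, image path)."""
    procs = {}
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3:
            procs[int(parts[1])] = (parts[0], parts[2])
    return procs

def parse_netstat(text):
    """Map PID -> list of (proto, local, foreign, state). UDP rows carry no state."""
    conns = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5:
            proto, local, foreign, state, pid = parts
        elif len(parts) == 4:
            proto, local, foreign, pid = parts
            state = ""
        else:
            continue
        conns[int(pid)].append((proto, local, foreign, state))
    return conns

def suspicious(procs, conns):
    """Processes with network activity whose image lives outside C:\\Windows\\.
    A triage heuristic (assumption of this example), not a verdict."""
    return [(pid, name, path, conns[pid])
            for pid, (name, path) in procs.items()
            if pid in conns and not path.lower().startswith("c:\\windows\\")]
```

Run against the samples, only PID 2212 is flagged: a second `svchost.exe` with an established outbound connection, running from a user-writable path rather than `System32`, which is exactly the kind of lead worth carrying into the postmortem image analysis.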
