Chapter 8. Tying It All Together
Solutions in this chapter
▪ Extending Timeline Analysis
▪ Frequently Asked Questions
Throughout the book so far, we've covered a great deal of very technical information, but in each case that information has been very specific to one particular area—Windows memory, the Registry, files, and so on. However, most of the incident response that a responder is required to do, or computer forensic analysis that an examiner will be required to do, involves more than one of these areas. For example, suspicious network traffic or a suspicious process may lead to a file on the system, which in turn will lead to the persistence mechanism for the malware, ...