The purpose of this book, as with the first edition, is to address a need. An issue that many incident responders and computer forensic examiners have seen is that there is an overreliance on what forensic analysis tools and purist procedures are telling us, without really understanding where this information is coming from or how it is being created or derived. The “Age of Nintendo Forensics,” i.e., of loading an acquired image into a forensic analysis application and pushing a button, is over. As analysts and examiners, we can no longer expect to investigate a case in such a manner. Cybercrime has increased in sophistication, and investigators need to understand what artifacts are available on a system, as well as how those ...