Windows Forensics and Incident Recovery by Harlan Carvey

Tools for Collecting Non-Volatile Information

Non-volatile information does not necessarily need to be collected from a system at the same time as the volatile information. Because of the nature of non-volatile information, it should generally remain unchanged if the system is rebooted. However, this information can be collected at the same time as the volatile information, depending upon the needs of the investigator. Methodologies for collecting both types of information will be addressed in greater detail in Chapter 6, Developing a Methodology, and Chapter 7, Knowing What To Look For.

Collecting Files

Many times, the contents of files provide valuable information regarding the nature of an incident. If an attack occurs against an IIS web server, ...
