Imperial Library

Index
Title Page Copyright
Windows Forensics Cookbook
Credits About the Authors About the Reviewer www.PacktPub.com
Why subscribe?
Customer Feedback Preface
What this book covers What you need for this book Who this book is for Sections
Getting ready How to do it… How it works… There's more… See also
Conventions Customer support
Downloading the color images of this book Errata Piracy Questions
Digital Forensics and Evidence Acquisition
Introduction
Why Windows? Windows file system
Identifying evidence sources Ensuring evidence is forensically sound Writing reports Digital forensic investigation - an international field
What can we do to make things easier for ourselves in the meantime?
Challenges of acquiring digital evidence from Windows systems
Windows Memory Acquisition and Analysis
Introduction Windows memory acquisition with Belkasoft RAM Capturer
Getting ready How to do it… How it works… See also
Windows memory acquisition with DumpIt
Getting ready How to do it… How it works… See also
Windows memory image analysis with Belkasoft Evidence Center
Getting ready How to do it... How it works... See also
Windows memory image analysis with Volatility
Getting ready How to do it... How it works... See also
Variations in Windows versions
Getting ready How to do it... There is more...
Windows Drive Acquisition
Introduction Drive acquisition in E01 format with FTK Imager
Getting ready How to do it... How it works... See more
Drive acquisition in RAW format with dc3dd
Getting ready How to do it... How it works... See also
Mounting forensic images with Arsenal Image Mounter
Getting ready How to do it... How it works... See also
Windows File System Analysis
Introduction NTFS Analysis with The Sleuth Kit
Getting ready How to do it... How it works... See also
Undeleting files from NTFS with Autopsy
Getting ready... How to do it... How it works... See also
Undeleting files from ReFS with ReclaiMe File Recovery
Getting ready How to do it... How it works... See also
File carving with PhotoRec
Getting ready How to do it... How it works... See more
Windows Shadow Copies Analysis
Introduction Browsing and copying files from VSCs on a live system with ShadowCopyView
Getting ready How to do it... How it works... See also
Mounting VSCs from disk images with VSSADMIN and MKLINK
Getting ready How to do it... How it works... See also
Processing and analyzing VSC data with Magnet AXIOM
Getting ready How to do it... How it works... See also
Windows Registry Analysis
Introduction Extracting and viewing Windows Registry files with Magnet AXIOM
Getting ready How to do it... How it works... See also
Parsing registry files with RegRipper
Getting ready How to do it... How it works... See also
Recovering deleted Registry artifacts with Registry Explorer
Getting ready How to do it... How it works... See also
Registry analysis with FTK Registry Viewer
Getting ready How to do it... How it works... See also
Main Windows Operating System Artifacts
Introduction Recycle Bin content analysis with EnCase Forensic
Getting ready How to do it... How it works... See also
Recycle bin content analysis with Rifiuti2
Getting ready How to do it... How it works... See also
Recycle bin content analysis with Magnet AXIOM
Getting ready How to do it... How it works... See also
Event log analysis with FullEventLogView
Getting ready How to do it... How it works... See also
Event log analysis with Magnet AXIOM
Getting ready How to do it... How it works... See also
Event log recovery with EVTXtract
Getting ready How to do it... How it works... See also
LNK file analysis with EnCase forensic
Getting ready How to do it... How it works... See also
LNK file analysis with LECmd
Getting ready How to do it... How it works... See also
LNK file analysis with Link Parser
Getting ready How to do it... How it works... See also
Prefetch file analysis with Magnet AXIOM
Getting ready How to do it... How it works... See also
Prefetch file parsing with PECmd
Getting ready How to do it... How it works... See also
Prefetch file recovery with Windows Prefetch Carver
Getting ready How to do it... How it works... See also
Web Browser Forensics
Introduction Mozilla Firefox analysis with BlackBag's BlackLight
Getting ready How to do it... How it works... See also
Google Chrome analysis with Magnet AXIOM
Getting ready How to do it... How it works... See also
Microsoft Internet Explorer and Microsoft Edge analysis with Belkasoft Evidence Center
Getting ready How to do it... How it works... See also
Extracting web browser data from Pagefile.sys
Getting ready How to do it... How it works... See also
Email and Instant Messaging Forensics
Introduction Outlook mailbox parsing with Intella
Getting ready How to do it... How it works... See also
Thunderbird mailbox parsing with Autopsy
Getting ready How to do it... How it works... See also
Webmail analysis with Magnet AXIOM
Getting ready How to do it... How it works... See also
Skype forensics with Belkasoft Evidence Center
Getting ready How to do it... How it works... See also
Skype forensics with SkypeLogView
Getting ready How to do it... How it works... See also
Windows 10 Forensics
Introduction Parsing Windows 10 Notifications
Getting ready How to do it... How it works... See also
Cortana forensics
Getting ready How to do it... How it works... See also
OneDrive forensics
Getting ready How to do it... How it works... See also
Dropbox forensics
Getting ready How to do it... How it works... See also
Windows 10 mail app
Getting ready How to do it... How it works...
Windows 10 Xbox App
Getting ready How to do it... How it works...
Data Visualization
Introduction Data visualization with FTK
Getting ready How to do it... How it works...
Making a timeline in Autopsy
Getting ready How to do it... How it works... See also
Nuix Web Review & Analytics
Getting ready How to do it... How it works... See also
Troubleshooting in Windows Forensic Analysis
Introduction Troubleshooting in commercial tools Troubleshooting in free and open source tools Troubleshooting when processes fail
Soundness of evidence
It wasn't me It was a virus / I was hacked Your process is faulty
Legal and jurisdictional challenges
False positives during data processing with digital forensics software Taking your first steps in digital forensics
Academia Corporate Law enforcement How do I get started?
Advanced further reading
Books Websites Twitter Accounts
Chief Librarian: Las Zenow <zenow@riseup.net>
This is a mirror of the Tor onion service:
http://kx5thpx2olielkihfyo4jgjqfb7zx7wxr3sd4xzt26ochei4m6f7tayd.onion