Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Free Learning

You're reading from Windows Forensics Cookbook Over 60 practical recipes to acquire memory data and analyze systems with the latest Windows forensic tools

Product type Paperback

Published in Aug 2017

Publisher

ISBN-13 9781784390495

Length 274 pages

Edition 1st Edition

Tools

Windows OS

Concepts

Forensics

Authors (2):

Oleg Skulkin

Scar de Courcier

View More author details

Table of Contents (13) Chapters

Preface

1. Digital Forensics and Evidence Acquisition FREE CHAPTER

2. Windows Memory Acquisition and Analysis

3. Windows Drive Acquisition

4. Windows File System Analysis

5. Windows Shadow Copies Analysis

6. Windows Registry Analysis

7. Main Windows Operating System Artifacts

8. Web Browser Forensics

9. Email and Instant Messaging Forensics

10. Windows 10 Forensics

11. Data Visualization

12. Troubleshooting in Windows Forensic Analysis

Introduction

Shadow copies, also known as volume shadow copies, are backup copies of Windows files that are taken during the normal course of use of a machine running on NTFS. For the average computer user, shadow copies may be familiar, as they are what make it possible to create Windows backups, or to perform system restores when something goes wrong.

These have obvious applications for digital forensic practitioners, particularly in cases where a suspect may have tried to delete evidence from a machine. By restoring the system to its previous state, or by using forensic tools to uncover files that are saved in shadow copy locations, forensic practitioners may be able to deduce information that an individual has tried to hide.

However, the presence of shadow copies and the ability forensic investigators have to uncover the information contained within them does not necessarily...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (2)

de Courcier

Scar de Courcier is Senior Editor at digital forensics website Forensic Focus. She also works as an independent consultant on online and offline child protection projects. In her spare time, she enjoys swimming, pretending she lives on the USS Voyager, and hanging out with her cat.

See other products by de Courcier

Oleg Skulkin

Oleg Skulkin is the Head of Digital Forensics and Malware Analysis Laboratory at Group-IB. Oleg has worked in the fields of digital forensics, incident response, and cyber threat intelligence and research for over a decade, fueling his passion for uncovering new techniques used by hidden adversaries. Oleg has authored and co-authored multiple blog posts, papers, and books on related topics and holds GCFA and GCTI certifications.

See other products by Oleg Skulkin