Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Windows Forensics Analyst Field Guide

You're reading from   Windows Forensics Analyst Field Guide Engage in proactive cyber defense using digital forensics techniques

Arrow left icon
Product type Paperback
Published in Oct 2023
Publisher Packt
ISBN-13 9781803248479
Length 318 pages
Edition 1st Edition
Concepts
Arrow right icon
Author (1):
Arrow left icon
Muhiballah Mohammed Muhiballah Mohammed
Author Profile Icon Muhiballah Mohammed
Muhiballah Mohammed
Arrow right icon
View More author details
Toc

Table of Contents (14) Chapters Close

Preface 1. Part 1:Windows OS Forensics and Lab Preparation
2. Chapter 1: Introducing the Windows OS and Filesystems and Getting Prepared for the Labs FREE CHAPTER 3. Chapter 2: Evidence Acquisition 4. Chapter 3: Memory Forensics for the Windows OS 5. Chapter 4: The Windows Registry 6. Chapter 5: User Profiling Using the Windows Registry 7. Part 2:Windows OS Additional Artifacts
8. Chapter 6: Application Execution Artifacts 9. Chapter 7: Forensic Analysis of USB Artifacts 10. Chapter 8: Forensic Analysis of Browser Artifacts 11. Chapter 9: Exploring Additional Artifacts 12. Index 13. Other Books You May Enjoy

Windows evidence of execution artifacts

Evidence of execution refers to the digital artifacts left behind on a system as a result of a program being run. This evidence can include Prefetch files, Shimcache entries, event logs, and link files, among others.

The identification of evidence of execution is important to forensic analysts because it can provide valuable insight into the activities that took place on a system. By analyzing this evidence, investigators can determine which programs were run, when they were run, and how often they were run. This information can be used to reconstruct a timeline of events and identify any malicious activity that may have occurred on the system.

Furthermore, evidence of execution can help forensic analysts identify malware and other types of malicious software that may have been used to compromise a system. Malware often leaves behind distinct patterns of execution, which can be identified by analyzing evidence of program execution. This...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image