What this book covers
Chapter 1, Introducing the Windows OS and Filesystems and Getting Prepared for the Labs, introduces Windows forensics and the Windows operating system, and covers the main aspects of the operating system.
Chapter 2, Evidence Acquisition, covers powerful tools utilized in triaging Windows evidence, such as KAPE and FTK Imager. We will learn how to set up a proper evidence acquisition process and use the tools that we have at our disposal to preserve digital evidence.
Chapter 3, Memory Forensics for the Windows OS, discusses how volatile data is considered a gold mine for digital forensics. We will learn how to preserve volatile evidence and dive deep into forensic analysis using Volatility.
Chapter 4, The Windows Registry, covers the Windows registry, which is a hierarchical database that holds hardware and software settings, user preferences, and more. We will learn about this amazing artifact and how to analyze it using open source tools.
Chapter 5, User Profiling Using the Windows Registry, covers profiling system details using the Windows registry, which is a fundamental technique in digital forensics and system analysis. Investigators can gain valuable insights into the system’s history, configuration, and user activities.
Chapter 6, Application Execution Artifacts, discusses how investigating execution evidence is considered a must in digital forensics and incident response. In this chapter, we dive into artifacts that play a pivotal role in investigations, helping forensic analysts reconstruct timelines, understand user interactions, and detect potential security incidents.
Chapter 7, Forensic Analysis of USB Artifacts, looks at USB devices, which are now essential tools for data storage and transfer. While their convenience is undeniable, their widespread use also poses challenges in the field of digital forensics. We will focus on tracking USB devices using multiple artifacts.
Chapter 8, Forensic Analysis of Browser Artifacts, discusses how, as our lives become increasingly digital, web browsers have become the gateways to vast amounts of information, communication, and activity. We will cover multiple browsers and how to properly conduct an investigation.
Chapter 9, Exploring Additional Artifacts, provides an overview of additional artifacts that help forensic examiners to further examine an incident, such as the master file table and event logs. Our objective is to optimize the utilization of these resources.