Table of Contents (317 chapters)
- cover
- Title Page
- Copyright
- Windows Forensics Cookbook
- Credits
- About the Authors
- About the Reviewer
- www.PacktPub.com
- Why subscribe?
- Customer Feedback
- Preface
- What this book covers
- What you need for this book
- Who this book is for
- Sections
- Getting ready
- How to do it…
- How it works…
- There's more…
- See also
- Conventions
- Customer support
- Downloading the color images of this book
- Errata
- Piracy
- Questions
- Digital Forensics and Evidence Acquisition
- Introduction
- Why Windows?
- Windows file system
- Identifying evidence sources
- Ensuring evidence is forensically sound
- Writing reports
- Digital forensic investigation - an international field
- What can we do to make things easier for ourselves in the meantime?
- Challenges of acquiring digital evidence from Windows systems
- Windows Memory Acquisition and Analysis
- Introduction
- Windows memory acquisition with Belkasoft RAM Capturer
- Getting ready
- How to do it…
- How it works…
- See also
- Windows memory acquisition with DumpIt
- Getting ready
- How to do it…
- How it works…
- See also
- Windows memory image analysis with Belkasoft Evidence Center
- Getting ready
- How to do it...
- How it works...
- See also
- Windows memory image analysis with Volatility
- Getting ready
- How to do it...
- How it works...
- See also
- Variations in Windows versions
- Getting ready
- How to do it...
- There is more...
- Windows Drive Acquisition
- Introduction
- Drive acquisition in E01 format with FTK Imager
- Getting ready
- How to do it...
- How it works...
- See more
- Drive acquisition in RAW format with dc3dd
- Getting ready
- How to do it...
- How it works...
- See also
- Mounting forensic images with Arsenal Image Mounter
- Getting ready
- How to do it...
- How it works...
- See also
- Windows File System Analysis
- Introduction
- NTFS Analysis with The Sleuth Kit
- Getting ready
- How to do it...
- How it works...
- See also
- Undeleting files from NTFS with Autopsy
- Getting ready...
- How to do it...
- How it works...
- See also
- Undeleting files from ReFS with ReclaiMe File Recovery
- Getting ready
- How to do it...
- How it works...
- See also
- File carving with PhotoRec
- Getting ready
- How to do it...
- How it works...
- See more
- Windows Shadow Copies Analysis
- Introduction
- Browsing and copying files from VSCs on a live system with ShadowCopyView
- Getting ready
- How to do it...
- How it works...
- See also
- Mounting VSCs from disk images with VSSADMIN and MKLINK
- Getting ready
- How to do it...
- How it works...
- See also
- Processing and analyzing VSC data with Magnet AXIOM
- Getting ready
- How to do it...
- How it works...
- See also
- Windows Registry Analysis
- Introduction
- Extracting and viewing Windows Registry files with Magnet AXIOM
- Getting ready
- How to do it...
- How it works...
- See also
- Parsing registry files with RegRipper
- Getting ready
- How to do it...
- How it works...
- See also
- Recovering deleted Registry artifacts with Registry Explorer
- Getting ready
- How to do it...
- How it works...
- See also
- Registry analysis with FTK Registry Viewer
- Getting ready
- How to do it...
- How it works...
- See also
- Main Windows Operating System Artifacts
- Introduction
- Recycle Bin content analysis with EnCase Forensic
- Getting ready
- How to do it...
- How it works...
- See also
- Recycle bin content analysis with Rifiuti2
- Getting ready
- How to do it...
- How it works...
- See also
- Recycle bin content analysis with Magnet AXIOM
- Getting ready
- How to do it...
- How it works...
- See also
- Event log analysis with FullEventLogView
- Getting ready
- How to do it...
- How it works...
- See also
- Event log analysis with Magnet AXIOM
- Getting ready
- How to do it...
- How it works...
- See also
- Event log recovery with EVTXtract
- Getting ready
- How to do it...
- How it works...
- See also
- LNK file analysis with EnCase forensic
- Getting ready
- How to do it...
- How it works...
- See also
- LNK file analysis with LECmd
- Getting ready
- How to do it...
- How it works...
- See also
- LNK file analysis with Link Parser
- Getting ready
- How to do it...
- How it works...
- See also
- Prefetch file analysis with Magnet AXIOM
- Getting ready
- How to do it...
- How it works...
- See also
- Prefetch file parsing with PECmd
- Getting ready
- How to do it...
- How it works...
- See also
- Prefetch file recovery with Windows Prefetch Carver
- Getting ready
- How to do it...
- How it works...
- See also
- Web Browser Forensics
- Introduction
- Mozilla Firefox analysis with BlackBag's BlackLight
- Getting ready
- How to do it...
- How it works...
- See also
- Google Chrome analysis with Magnet AXIOM
- Getting ready
- How to do it...
- How it works...
- See also
- Microsoft Internet Explorer and Microsoft Edge analysis with Belkasoft Evidence Center
- Getting ready
- How to do it...
- How it works...
- See also
- Extracting web browser data from Pagefile.sys
- Getting ready
- How to do it...
- How it works...
- See also
- Email and Instant Messaging Forensics
- Introduction
- Outlook mailbox parsing with Intella
- Getting ready
- How to do it...
- How it works...
- See also
- Thunderbird mailbox parsing with Autopsy
- Getting ready
- How to do it...
- How it works...
- See also
- Webmail analysis with Magnet AXIOM
- Getting ready
- How to do it...
- How it works...
- See also
- Skype forensics with Belkasoft Evidence Center
- Getting ready
- How to do it...
- How it works...
- See also
- Skype forensics with SkypeLogView
- Getting ready
- How to do it...
- How it works...
- See also
- Windows 10 Forensics
- Introduction
- Parsing Windows 10 Notifications
- Getting ready
- How to do it...
- How it works...
- See also
- Cortana forensics
- Getting ready
- How to do it...
- How it works...
- See also
- OneDrive forensics
- Getting ready
- How to do it...
- How it works...
- See also
- Dropbox forensics
- Getting ready
- How to do it...
- How it works...
- See also
- Windows 10 mail app
- Getting ready
- How to do it...
- How it works...
- Windows 10 Xbox App
- Getting ready
- How to do it...
- How it works...
- Data Visualization
- Introduction
- Data visualization with FTK
- Getting ready
- How to do it...
- How it works...
- Making a timeline in Autopsy
- Getting ready
- How to do it...
- How it works...
- See also
- Nuix Web Review & Analytics
- Getting ready
- How to do it...
- How it works...
- See also
- Troubleshooting in Windows Forensic Analysis
- Introduction
- Troubleshooting in commercial tools
- Troubleshooting in free and open source tools
- Troubleshooting when processes fail
- Soundness of evidence
- It wasn't me
- It was a virus / I was hacked
- Your process is faulty
- Legal and jurisdictional challenges
- False positives during data processing with digital forensics software
- Taking your first steps in digital forensics
- Academia
- Corporate
- Law enforcement
- How do I get started?
- Advanced further reading
- Books
- Websites
- Twitter Accounts

Updated: 2021-07-02 20:58:30