Table of Contents (317 chapters)
- cover
- Title Page
- Copyright
- Windows Forensics Cookbook
- Credits
- About the Authors
- About the Reviewer
- www.PacktPub.com
- Why subscribe?
- Customer Feedback
- Preface
- What this book covers
- What you need for this book
- Who this book is for
- Sections
- Getting ready
- How to do it…
- How it works…
- There's more…
- See also
- Conventions
- Customer support
- Downloading the color images of this book
- Errata
- Piracy
- Questions
- Digital Forensics and Evidence Acquisition
- Introduction
- Why Windows?
- Windows file system
- Identifying evidence sources
- Ensuring evidence is forensically sound
- Writing reports
- Digital forensic investigation - an international field
- What can we do to make things easier for ourselves in the meantime?
- Challenges of acquiring digital evidence from Windows systems
- Windows Memory Acquisition and Analysis
- Introduction
- Windows memory acquisition with Belkasoft RAM Capturer
- Getting ready
- How to do it…
- How it works…
- See also
- Windows memory acquisition with DumpIt
- Getting ready
- How to do it…
- How it works…
- See also
- Windows memory image analysis with Belkasoft Evidence Center
- Getting ready
- How to do it...
- How it works...
- See also
- Windows memory image analysis with Volatility
- Getting ready
- How to do it...
- How it works...
- See also
- Variations in Windows versions
- Getting ready
- How to do it...
- There is more...
- Windows Drive Acquisition
- Introduction
- Drive acquisition in E01 format with FTK Imager
- Getting ready
- How to do it...
- How it works...
- See more
- Drive acquisition in RAW format with dc3dd
- Getting ready
- How to do it...
- How it works...
- See also
- Mounting forensic images with Arsenal Image Mounter
- Getting ready
- How to do it...
- How it works...
- See also
- Windows File System Analysis
- Introduction
- NTFS Analysis with The Sleuth Kit
- Getting ready
- How to do it...
- How it works...
- See also
- Undeleting files from NTFS with Autopsy
- Getting ready...
- How to do it...
- How it works...
- See also
- Undeleting files from ReFS with ReclaiMe File Recovery
- Getting ready
- How to do it...
- How it works...
- See also
- File carving with PhotoRec
- Getting ready
- How to do it...
- How it works...
- See more
- Windows Shadow Copies Analysis
- Introduction
- Browsing and copying files from VSCs on a live system with ShadowCopyView
- Getting ready
- How to do it...
- How it works...
- See also
- Mounting VSCs from disk images with VSSADMIN and MKLINK
- Getting ready
- How to do it...
- How it works...
- See also
- Processing and analyzing VSC data with Magnet AXIOM
- Getting ready
- How to do it...
- How it works...
- See also
- Windows Registry Analysis
- Introduction
- Extracting and viewing Windows Registry files with Magnet AXIOM
- Getting ready
- How to do it...
- How it works...
- See also
- Parsing registry files with RegRipper
- Getting ready
- How to do it...
- How it works...
- See also
- Recovering deleted Registry artifacts with Registry Explorer
- Getting ready
- How to do it...
- How it works...
- See also
- Registry analysis with FTK Registry Viewer
- Getting ready
- How to do it...
- How it works...
- See also
- Main Windows Operating System Artifacts
- Introduction
- Recycle Bin content analysis with EnCase Forensic
- Getting ready
- How to do it...
- How it works...
- See also
- Recycle bin content analysis with Rifiuti2
- Getting ready
- How to do it...
- How it works...
- See also
- Recycle bin content analysis with Magnet AXIOM
- Getting ready
- How to do it...
- How it works...
- See also
- Event log analysis with FullEventLogView
- Getting ready
- How to do it...
- How it works...
- See also
- Event log analysis with Magnet AXIOM
- Getting ready
- How to do it...
- How it works...
- See also
- Event log recovery with EVTXtract
- Getting ready
- How to do it...
- How it works...
- See also
- LNK file analysis with EnCase forensic
- Getting ready
- How to do it...
- How it works...
- See also
- LNK file analysis with LECmd
- Getting ready
- How to do it...
- How it works...
- See also
- LNK file analysis with Link Parser
- Getting ready
- How to do it...
- How it works...
- See also
- Prefetch file analysis with Magnet AXIOM
- Getting ready
- How to do it...
- How it works...
- See also
- Prefetch file parsing with PECmd
- Getting ready
- How to do it...
- How it works...
- See also
- Prefetch file recovery with Windows Prefetch Carver
- Getting ready
- How to do it...
- How it works...
- See also
- Web Browser Forensics
- Introduction
- Mozilla Firefox analysis with BlackBag's BlackLight
- Getting ready
- How to do it...
- How it works...
- See also
- Google Chrome analysis with Magnet AXIOM
- Getting ready
- How to do it...
- How it works...
- See also
- Microsoft Internet Explorer and Microsoft Edge analysis with Belkasoft Evidence Center
- Getting ready
- How to do it...
- How it works...
- See also
- Extracting web browser data from Pagefile.sys
- Getting ready
- How to do it...
- How it works...
- See also
- Email and Instant Messaging Forensics
- Introduction
- Outlook mailbox parsing with Intella
- Getting ready
- How to do it...
- How it works...
- See also
- Thunderbird mailbox parsing with Autopsy
- Getting ready
- How to do it...
- How it works...
- See also
- Webmail analysis with Magnet AXIOM
- Getting ready
- How to do it...
- How it works...
- See also
- Skype forensics with Belkasoft Evidence Center
- Getting ready
- How to do it...
- How it works...
- See also
- Skype forensics with SkypeLogView
- Getting ready
- How to do it...
- How it works...
- See also
- Windows 10 Forensics
- Introduction
- Parsing Windows 10 Notifications
- Getting ready
- How to do it...
- How it works...
- See also
- Cortana forensics
- Getting ready
- How to do it...
- How it works...
- See also
- OneDrive forensics
- Getting ready
- How to do it...
- How it works...
- See also
- Dropbox forensics
- Getting ready
- How to do it...
- How it works...
- See also
- Windows 10 mail app
- Getting ready
- How to do it...
- How it works...
- Windows 10 Xbox App
- Getting ready
- How to do it...
- How it works...
- Data Visualization
- Introduction
- Data visualization with FTK
- Getting ready
- How to do it...
- How it works...
- Making a timeline in Autopsy
- Getting ready
- How to do it...
- How it works...
- See also
- Nuix Web Review & Analytics
- Getting ready
- How to do it...
- How it works...
- See also
- Troubleshooting in Windows Forensic Analysis
- Introduction
- Troubleshooting in commercial tools
- Troubleshooting in free and open source tools
- Troubleshooting when processes fail
- Soundness of evidence
- It wasn't me
- It was a virus / I was hacked
- Your process is faulty
- Legal and jurisdictional challenges
- False positives during data processing with digital forensics software
- Taking your first steps in digital forensics
- Academia
- Corporate
- Law enforcement
- How do I get started?
- Advanced further reading
- Books
- Websites
- Twitter Accounts

Updated: 2021-07-02 20:58:30