Contents (317 chapters)
- cover
- Title Page
- Copyright
- Windows Forensics Cookbook
- Credits
- About the Authors
- About the Reviewer
- www.PacktPub.com
- Why subscribe?
- Customer Feedback
- Preface
- What this book covers
- What you need for this book
- Who this book is for
- Sections
- Getting ready
- How to do it…
- How it works…
- There's more…
- See also
- Conventions
- Customer support
- Downloading the color images of this book
- Errata
- Piracy
- Questions
- Digital Forensics and Evidence Acquisition
- Introduction
- Why Windows?
- Windows file system
- Identifying evidence sources
- Ensuring evidence is forensically sound
- Writing reports
- Digital forensic investigation - an international field
- What can we do to make things easier for ourselves in the meantime?
- Challenges of acquiring digital evidence from Windows systems
- Windows Memory Acquisition and Analysis
- Introduction
- Windows memory acquisition with Belkasoft RAM Capturer
- Getting ready
- How to do it…
- How it works…
- See also
- Windows memory acquisition with DumpIt
- Getting ready
- How to do it…
- How it works…
- See also
- Windows memory image analysis with Belkasoft Evidence Center
- Getting ready
- How to do it...
- How it works...
- See also
- Windows memory image analysis with Volatility
- Getting ready
- How to do it...
- How it works...
- See also
- Variations in Windows versions
- Getting ready
- How to do it...
- There is more...
- Windows Drive Acquisition
- Introduction
- Drive acquisition in E01 format with FTK Imager
- Getting ready
- How to do it...
- How it works...
- See more
- Drive acquisition in RAW format with dc3dd
- Getting ready
- How to do it...
- How it works...
- See also
- Mounting forensic images with Arsenal Image Mounter
- Getting ready
- How to do it...
- How it works...
- See also
- Windows File System Analysis
- Introduction
- NTFS Analysis with The Sleuth Kit
- Getting ready
- How to do it...
- How it works...
- See also
- Undeleting files from NTFS with Autopsy
- Getting ready...
- How to do it...
- How it works...
- See also
- Undeleting files from ReFS with ReclaiMe File Recovery
- Getting ready
- How to do it...
- How it works...
- See also
- File carving with PhotoRec
- Getting ready
- How to do it...
- How it works...
- See more
- Windows Shadow Copies Analysis
- Introduction
- Browsing and copying files from VSCs on a live system with ShadowCopyView
- Getting ready
- How to do it...
- How it works...
- See also
- Mounting VSCs from disk images with VSSADMIN and MKLINK
- Getting ready
- How to do it...
- How it works...
- See also
- Processing and analyzing VSC data with Magnet AXIOM
- Getting ready
- How to do it...
- How it works...
- See also
- Windows Registry Analysis
- Introduction
- Extracting and viewing Windows Registry files with Magnet AXIOM
- Getting ready
- How to do it...
- How it works...
- See also
- Parsing registry files with RegRipper
- Getting ready
- How to do it...
- How it works...
- See also
- Recovering deleted Registry artifacts with Registry Explorer
- Getting ready
- How to do it...
- How it works...
- See also
- Registry analysis with FTK Registry Viewer
- Getting ready
- How to do it...
- How it works...
- See also
- Main Windows Operating System Artifacts
- Introduction
- Recycle Bin content analysis with EnCase Forensic
- Getting ready
- How to do it...
- How it works...
- See also
- Recycle bin content analysis with Rifiuti2
- Getting ready
- How to do it...
- How it works...
- See also
- Recycle bin content analysis with Magnet AXIOM
- Getting ready
- How to do it...
- How it works...
- See also
- Event log analysis with FullEventLogView
- Getting ready
- How to do it...
- How it works...
- See also
- Event log analysis with Magnet AXIOM
- Getting ready
- How to do it...
- How it works...
- See also
- Event log recovery with EVTXtract
- Getting ready
- How to do it...
- How it works...
- See also
- LNK file analysis with EnCase forensic
- Getting ready
- How to do it...
- How it works...
- See also
- LNK file analysis with LECmd
- Getting ready
- How to do it...
- How it works...
- See also
- LNK file analysis with Link Parser
- Getting ready
- How to do it...
- How it works...
- See also
- Prefetch file analysis with Magnet AXIOM
- Getting ready
- How to do it...
- How it works...
- See also
- Prefetch file parsing with PECmd
- Getting ready
- How to do it...
- How it works...
- See also
- Prefetch file recovery with Windows Prefetch Carver
- Getting ready
- How to do it...
- How it works...
- See also
- Web Browser Forensics
- Introduction
- Mozilla Firefox analysis with BlackBag's BlackLight
- Getting ready
- How to do it...
- How it works...
- See also
- Google Chrome analysis with Magnet AXIOM
- Getting ready
- How to do it...
- How it works...
- See also
- Microsoft Internet Explorer and Microsoft Edge analysis with Belkasoft Evidence Center
- Getting ready
- How to do it...
- How it works...
- See also
- Extracting web browser data from Pagefile.sys
- Getting ready
- How to do it...
- How it works...
- See also
- Email and Instant Messaging Forensics
- Introduction
- Outlook mailbox parsing with Intella
- Getting ready
- How to do it...
- How it works...
- See also
- Thunderbird mailbox parsing with Autopsy
- Getting ready
- How to do it...
- How it works...
- See also
- Webmail analysis with Magnet AXIOM
- Getting ready
- How to do it...
- How it works...
- See also
- Skype forensics with Belkasoft Evidence Center
- Getting ready
- How to do it...
- How it works...
- See also
- Skype forensics with SkypeLogView
- Getting ready
- How to do it...
- How it works...
- See also
- Windows 10 Forensics
- Introduction
- Parsing Windows 10 Notifications
- Getting ready
- How to do it...
- How it works...
- See also
- Cortana forensics
- Getting ready
- How to do it...
- How it works...
- See also
- OneDrive forensics
- Getting ready
- How to do it...
- How it works...
- See also
- Dropbox forensics
- Getting ready
- How to do it...
- How it works...
- See also
- Windows 10 mail app
- Getting ready
- How to do it...
- How it works...
- Windows 10 Xbox App
- Getting ready
- How to do it...
- How it works...
- Data Visualization
- Introduction
- Data visualization with FTK
- Getting ready
- How to do it...
- How it works...
- Making a timeline in Autopsy
- Getting ready
- How to do it...
- How it works...
- See also
- Nuix Web Review & Analytics
- Getting ready
- How to do it...
- How it works...
- See also
- Troubleshooting in Windows Forensic Analysis
- Introduction
- Troubleshooting in commercial tools
- Troubleshooting in free and open source tools
- Troubleshooting when processes fail
- Soundness of evidence
- It wasn't me
- It was a virus / I was hacked
- Your process is faulty
- Legal and jurisdictional challenges
- False positives during data processing with digital forensics software
- Taking your first steps in digital forensics
- Academia
- Corporate
- Law enforcement
- How do I get started?
- Advanced further reading
- Books
- Websites
- Twitter Accounts

Updated: 2021-07-02 20:58:30