Updated: 2021-07-02 20:58:30
Cover
Title Page
Copyright
Windows Forensics Cookbook
Credits
About the Authors
About the Reviewer
www.PacktPub.com
Why subscribe?
Customer Feedback
Preface
What this book covers
What you need for this book
Who this book is for
Sections
Getting ready
How to do it…
How it works…
There's more…
See also
Conventions
Customer support
Downloading the color images of this book
Errata
Piracy
Questions
Digital Forensics and Evidence Acquisition
Introduction
Why Windows?
Windows file system
Identifying evidence sources
Ensuring evidence is forensically sound
Writing reports
Digital forensic investigation - an international field
What can we do to make things easier for ourselves in the meantime?
Challenges of acquiring digital evidence from Windows systems
Windows Memory Acquisition and Analysis
Windows memory acquisition with Belkasoft RAM Capturer
Windows memory acquisition with DumpIt
Windows memory image analysis with Belkasoft Evidence Center
How to do it…
How it works…
Windows memory image analysis with Volatility
Variations in Windows versions
There's more…
Windows Drive Acquisition
Drive acquisition in E01 format with FTK Imager
See also
Drive acquisition in RAW format with dc3dd
Mounting forensic images with Arsenal Image Mounter
Windows File System Analysis
NTFS Analysis with The Sleuth Kit
Undeleting files from NTFS with Autopsy
Getting ready
Undeleting files from ReFS with ReclaiMe File Recovery
File carving with PhotoRec