Daily Blog #533: Windows Forensics DFIR InDepth proposed outline

Hello Reader,
I'm back in the United States for a while, and that should signal a return of the test kitchen in coming nights. Until then I thought I'd post my current planned outline for the new book, to be named Windows Forensics: DFIR InDepth.

What I'm looking for at this point is your feedback on what else you think is missing, or what you would like to see added or expanded on. The plan is to finish one chapter, publish the book, and then keep pushing updates as I write, so you can read the book as I finish it, update it, add to it, and correct it from ongoing research rather than waiting a year.

Windows Forensic Fundamentals

Why this data exists
How to form your hypothesis
Building a test bed

File systems

File access

Lnk Files
Registry data

Device access

Driver install process
Registry data
Driver install logs
GUIDs and meanings

Program execution

Application Compatibility Caching
Application prefetching
Application Superfetching
User application tracking

External access

Network Shares

Network connectivity

Network connections
Network drivers

System Monitoring

Journal Analysis

Let me know your thoughts in the comments below, LinkedIn or Twitter!
Posted by David Cowen on November 09, 2018
