Daily Blog #533: Windows Forensics DFIR InDepth proposed outline
Hello Reader,
I'm back in the United States for a while, and that should signal a return of the test kitchen in coming nights. Until then I thought I'd post my current planned outline for the new book, to be named Windows Forensics: DFIR InDepth.
What I'm looking for at this point is your feedback on what else you think is missing or would like to see added or expanded on. The plan is to finish one chapter, publish the book, and then keep pushing updates as I write, so you can read the book as I finish it, update it, add to it, and correct it from ongoing research rather than waiting a year.
Windows Forensic Fundamentals
    Why this data exists
    How to form your hypothesis
    Building a test bed
File systems
    NTFS
    FAT32
    exFAT
    ReFS
File access
    ObjectIDs
    LNK files
    Jumplists
    Shellbags
    Registry data
Device access
    Driver install process
    Registry data
    Driver install logs
    GUIDs and their meanings
Program execution
    Application Compatibility Caching
    Application prefetching
    Application Superfetching
    User application tracking
External access
    RDP
    Network shares
    TeamViewer
Network connectivity
    Network connections
    Network drivers
System monitoring
    Journal analysis
    SRUM
Let me know your thoughts in the comments below, on LinkedIn, or on Twitter!
Reviewed by David Cowen on November 09, 2018