Hello Reader,
I'm back in the United States for a while, and that should signal a return of the test kitchen in the coming nights. Until then I thought I'd post my current planned outline for the new book, to be named Windows Forensics: DFIR InDepth.
What I'm looking for at this point is your feedback on what else you think is missing or what you would like to see added or expanded on. The plan is to finish one chapter, publish the book, and then keep pushing updates as I write, so you can read the book as I finish it, update it, add to it, and correct it from ongoing research rather than waiting a year.
Windows Forensic Fundamentals
    Why this data exists
    How to form your hypothesis
    Building a test bed
File systems
    NTFS
    FAT32
    EXFAT
    REFS
File access
    ObjectIDs
    Lnk Files
    Jumplists
    Shellbags
    Registry data
Device access
    Driver install process
    Registry data
    Driver install logs
    GUIDs and meanings
Program execution
    Application Compatibility Caching
    Application prefetching
    Application Superfetching
    User application tracking
External access
    RDP
    Network Shares
    Teamviewer
Network connectivity
    Network connections
    Network drivers
System Monitoring
    Journal Analysis
    SRUM
Let me know your thoughts in the comments below, on LinkedIn or on Twitter!