Description:
Windows Forensics: The Field Guide for Conducting Corporate Computer Investigations prepares you to combat computer crime in the Windows world by presenting you with tools to help recover sabotaged files, track down the source of threatening emails, investigate industrial espionage and expose computer criminals.
Highlights include:
Identify evidence of fraud, electronic theft, and employee internet abuse
Investigate crime related to instant messaging, Lotus Notes, and increasingly popular browsers
Take advantage of sample forms and layouts as well as case studies
Protect the integrity of evidence
Compile a forensic response toolkit
Assess and analyze damage from computer crime and process the crime scene
Develop a structure for effectively conducting investigations
Discover how to locate evidence in the Windows Registry
Product Details:
Copyright 2006
ISBN 0-470-03862-4
Paperback, 382 Pages
John Wiley & Sons Publishing
Table of Contents:
Chapter 1: Windows Forensics
Chapter 2: Processing the Digital Crime Scene
Chapter 3: Windows Forensic Basics
Chapter 4: Partitions and File Systems
Chapter 5: Directory Structure and Special Files
Chapter 6: The Registry
Chapter 7: Forensic Analysis
Chapter 8: Live System Analysis
Chapter 9: Forensic Duplication
Chapter 10: File System Analysis
Chapter 11: Log File Analysis
Chapter 12: Internet Usage Analysis
Chapter 13: Email Investigations
Appendix A: Sample Chain of Custody Form
Appendix B: Master Boot Record Layout
Appendix C: Partition Types
Appendix D: FAT32 Boot Sector Layout
Appendix E: NTFS Boot Sector Layout
Appendix F: NTFS Metafiles
Appendix G: Well-Known SIDs