Windows Forensics:The Field Guide For Conducting Corporate Computer Investigations

0.0

The book can best be described as a handbook and guide for conducting computer investigations in a corporate setting, with a focus on the most prevalent operating system (Windows). The book is supplemented with sidebar/callout topics of current interest with greater depth, and actual case studies. The organization is broken into 3 sections as follows: The first section is a brief on the emerging field of computer forensics, what it takes to become a forensic analyst, and the basics for what's needed in a corporate forensics setting. The Windows operating system family is comprised of several complex pieces of software. This section focuses specifically on the makeup of Windows from a forensic perspective, and details those components which will be analyzed in later chapters. Leveraging the contents of sections 1 and 2, this section brings together the investigative techniques from section 1 and the Windows specifics of section 2 and applies them to real analysis actions. About The Author Chad Steel is the head of IT Investigations for a Global 50 corporation. Previously, Chad worked as the Chief Security Officer and Director of Security Services for Qwest Solutions overseeing computer security design, implementation, and investigation activities for agencies including the Department of Treasury, Department of Justice, and the Department of the Interior. Table Of Contents Windows Forensics Processing the Digital Crime Scene Windows Forensic Basics Partitions and File Systems Directory Structure and Special Files The Registry Forensic Analysis Live System Analysis Forensic Duplication File System Analysis Log File Analysis Internet Usage Analysis Email Investigations Appendix Appendix A. Sample Chain of Custody Form Appendix B. Master Boot Record Layout Appendix C. Partition Types Appendix D. FAT32 Boot Sector Layout Appendix E. NTFS Boot Sector Layout Appendix F. NTFS Meta files Appendix G. Well-Known SIDs Index