Analysis
After successfully imaging the drives to be analyzed and calculating and storing the message digests, the investigator can begin the analysis. The details of the investigation will depend on the particulars of the incident being investigated. However, in general, the following steps will be involved:
1. Check the Recycle Bin for deleted files.
2. Check the web browser history files and address bar histories.
3. Check the web browser cookie files. Each web browser stores cookies in different places. Browsers not listed here will require individual research.
a. Internet Explorer stores cookies in two places on Windows machines (a handy tool for viewing IE cookies is IECookiesView, which you can find at CNET Download.com):
• In ...
Get CompTIA Security+ All-in-One Exam Guide (Exam SY0-301), 3rd Edition, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
