Chapter 8. Investigating Windows Computers
Since publishing its first operating system for an Intel computer, Microsoft has been providing a steady supply of increasingly complex and sophisticated operating environments, each of which builds on its predecessor, providing backward compatibility with earlier versions. As a forensic investigator, you must be familiar with all of them and their differences and similarities. In this chapter, we’ll discuss forensic issues relevant to all of Microsoft’s environments, starting with the closely related Windows 95 and 98 versions.1 We assume that, by this point, you are familiar with the fundamentals of forensics. Although we’ll continue to introduce and reinforce best forensic practices, most of this ...
Get Computer Forensics: Incident Response Essentials now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
