Windows Folders

Each version of Windows has its own unique directory structure and file and folder naming conventions that differentiate that version from the other versions. With experience, the examiner can usually have a good idea which version of Windows is installed by looking at the directory structure for certain telltale file and folder names. Despite how convincing these naming and structure conventions may appear, these normal conventions are not cast in granite. The final determination of what operating system is installed is derived from the registry, which I’ll cover in Chapter 10.

Nevertheless, the examiner should be familiar with the directory structures and file and folder naming conventions that are normally used by the various ...

Get EnCE EnCase Computer Forensics: The Official EnCase Certified Examiner Study Guide, 3rd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

EnCE EnCase Computer Forensics: The Official EnCase Certified Examiner Study Guide, 3rd Edition by

Windows Folders

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly