Chapter 9 Windows Operating System Artifacts

EnCE Exam Topics Covered in This Chapter:

Windows dates and times
Adjusting for time zone offsets
Recycle Bin and INFO records
Windows Recycle Bin
Link files
Windows folders
Recent folder
Desktop folder
My Documents folder
Send To folder
Temp folders
Favorites folder
Windows Low folders
Cookies folder
History folder
Temporary Internet files
Swap file
Hibernation file
Printing artifacts
Windows volume shadow copy
Windows event logs

Not many years ago, when Microsoft was announcing the release of Windows XP, many examiners were proclaiming the end of computer forensics. They claimed that the new security features of Windows XP were going to virtually eliminate all forms of artifacts and other evidence. ...

Get EnCE EnCase Computer Forensics: The Official EnCase Certified Examiner Study Guide, 3rd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

EnCE EnCase Computer Forensics: The Official EnCase Certified Examiner Study Guide, 3rd Edition by

Chapter 9

Windows Operating System Artifacts

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly