Handbook of Digital Forensics and Investigation by Eoghan Casey

Chapter 5. Windows Forensic Analysis
Ryan D. Pittman and Dave Shaver

Contents

Introduction
Windows, Windows Everywhere
NTFS Overview
Forensic Analysis of the NTFS Master File Table (MFT)
Metadata
Artifacts of User Activities
Deletion and Destruction of Data
Windows Internet and Communications Activities
Windows Process Memory
BitLocker and Encrypting File System (EFS)
RAIDs and Dynamic Disks
Cases
References

Introduction

Despite the proliferation and growing popularity of other user interfaces, such as Macintosh OS X and Ubuntu (a flavor of Linux), Microsoft's Windows operating systems remain the most popular in the world. In fact, sources have reported that over 90% of the computers in use today are running ...
