
Windows Forensic Analysis Toolkit, 3rd Edition by Harlan Carvey


Chapter 3

Volume Shadow Copies

Chapter Outline

Information in this Chapter

• What Are “Volume Shadow Copies”?

• Live Systems

• Acquired Images

Introduction

Every time a new version of the Windows operating system is announced or made public, a collective shudder ripples throughout the forensics community. What new features are going to be available in the next operating system version? What’s going to remain the same? What new challenges will we face? Some changes are minor; for example, the binary structure of the Windows Registry hasn’t changed among versions, ...
