O'Reilly logo

Windows Forensic Analysis Toolkit, 3rd Edition by Harlan Carvey

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 4

File Analysis

Chapter Outline

Introduction

MFT

File System Tunneling

Event Logs

Windows Event Log

Recycle Bin

Prefetch Files

Scheduled Tasks

Jump Lists

Hibernation Files

Application Files

Antivirus Logs

Skype

Apple Products

Image Files

Summary

References

Information in this chapter

• MFT

• Event Logs

• Recycle Bin

• Prefetch Files

• Scheduled Tasks

• Jump Lists

• Hibernation Files

• Application Files

Introduction

As with any computer system, Windows systems contain a great number of files, many of which are not simply a standard ASCII text format. Many of these files may not have any relevance to the analysis at all, and only a few may provide critical information to the analyst. There also may be a number of files that are unknown ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required