Chapter 8

Application Analysis

Chapter Outline

Information in this Chapter

• Application Analysis

Introduction

So far in this book, we’ve discussed a number of artifacts and resources that analysts can turn to within a Windows system to help address the issues and goals they are facing. Many of the artifacts we’ve discussed up to this point (e.g., Registry keys, jump lists, etc.) have been generated by the operating system as a result of either user or malware interaction with the environment. What we haven’t discussed is what an understanding of applications can provide to the analyst.

Application analysis can be a very important part of ...

Get Windows Forensic Analysis Toolkit, 3rd Edition now with the O’Reilly learning platform.
