Index

A

Access control list (ACL), USB device analysis, 117–118
ACMru key, 5, 140
Acquired images, see also Hard drive image
    ASCII timelines, 196
    dynamic application analysis, 236
    Event Log file extraction, 79
    historical Registry data, 141
    installed AV applications, 171
    malware detection, 168
    multiple antivirus scans, 173–174
    timeline analysis, 203, 229
    timeline creation, 214
    timeline creation on XP, 217–218
    VM log-in tips, 236
    VSCs
        batch files, 64
        diskpart command, 58
        FTK Imager, 53f
        image file formats, 66
        LiveView, 53
        overview, 52–67
        ProDiscover, 64–66, 65f, 66f
        ProDiscover BE, 59–60
        VHD method, 54–58, 54f, 55f
        VMDKs and SIFT, 62
        VMWare method, 58–62, 61f
Acquisition process
    F-Response, 39
    incident response, 38
Active ...
