Chapter 1. Introduction

Where does it start? Do corporate users suddenly notice that it takes longer to access web pages and download files from the file server? Does a user's workstation exhibit odd behavior on a sporadic basis, with files being modified or going missing? Or is it the sudden angry emails that arrive in your inbox, complaining about the massive amount of traffic being sent from your site? However it begins, as long as there are networks of computer systems, there will be computer security incidents. That being the case, investigators and administrators (titles that may apply to the same person) need to know what steps they can take to retrieve and analyze data from potentially compromised Windows systems. Due to the widespread ...

Get Windows Forensics and Incident Recovery now with the O’Reilly learning platform.
