Over the last few years, the wave of the cybercrime has risen rapidly. We have witnessed many major attacks on the governmental, military, financial, and media sectors. Tracking all these attacks and crimes requires a deep understanding of operating system operations, how to extract evident data from digital evidence, and the best usage of the digital forensic tools and techniques. Regardless of your level of experience in the field of information security in general, this book will fully introduce you to digital forensics. It will provide you with the knowledge needed to assemble different types of evidence effectively, and walk you through the various stages of the analysis process.
We start by discussing the principles of the digital forensics process and move on to show you the approaches that are used to conduct analysis. We will then study various tools to perform live analysis, and go through different techniques to analyze volatile and non-volatile data.
What You Will Learn
- Perform live analysis on victim or suspect Windows systems locally or remotely
- Understand the different natures and acquisition techniques of volatile and non-volatile data.
- Create a timeline of all the system actions to restore the history of an incident.
- Recover and analyze data from FAT and NTFS file systems.
- Make use of various tools to perform registry analysis.
- Track a system user’s browser and e-mail activities to prove or refute some hypotheses.
- Get to know how to dump and analyze computer memory.