Windows forensics : the field guide for conducting corporate computer investigations /
Chad Steel.
- Indianapolis, Ind : Wiley, 2006.
- xvii, 382 p. : ill. ; 24 cm.
Includes bibliographical references and index.
Windows forensics -- Processing the digital crime scene -- Windows forensics basics -- Partitions and file systems -- Directory structure and special files -- The registry -- Forensic analysis -- Live system analysis -- Forensic duplication -- File system analysis -- Log file analysis -- Internet usage analysis -- Email investigations -- App. A. Sample chain of custody form -- App. B. Master boot record layout -- App. C. Partition types -- App. D. Fat32 boot sector layout -- App. E. NTFS boot sector layout -- App. F. NTFS metafiles -- App. G. Well-known SIDs -- Index.
0470038624 (pbk.) 9780470038628
Microsoft Windows (Computer file)--Security measures.
Computer crimes--Investigation--Methodology.--United States Computer networks--Security measures. Internet--Security measures. Computer security.