The last topic we covered in the ORF curriculum was MS Windows artifacts. We talked a lot about how and why things were developed, but it was just a glance over a lot of issues:
- Finding Deleted Data
- Hibernation Files
- Examining the Windows Registry
- Print Spooling Evidence
- Recycle Bin Operation
- Metadata: What It Is and How It’s Used
- Thumbnail Images as Evidence
- Most Recently Used Lists: How They’re Created and Their Forensic Value
- Examining Prefetch and Link Files
- Windows log analyses
- Windows search and indexing engine artifacts
A few books were mentioned, such as the excellent "Mastering Windows Network Forensics and Investigation" and "Windows Forensic Analysis Toolkit, 3rd Edition".
There was talk about how these things evolved and became part of the system, what the driving force behind them was, and how one can think about these resources as a source of data for digital forensics.
When digital forensics is taught in a computer science curriculum, it is important to stress what these artifacts are in the global picture of the operating system and how the development of hardware and software influenced them.
These elements are so often completely ignored in professional digital forensic training or in a pure forensic curriculum; it is one of the reasons why we have so many problems in digital forensics, especially in law enforcement related situations.