Windows Forensics (eBook)

This book is your comprehensive guide to Windows forensics. It covers the process of conducting or performing a forensic investigation of systems that run on Windows operating systems. It also includes analysis of incident response, recovery, and auditing of equipment used in executing any criminal activity.

The book covers Windows registry, architecture, and systems as well as forensic techniques, along with coverage of how to write reports, legal standards, and how to testify. It starts with an introduction to Windows followed by forensic concepts and methods of creating forensic images. You will learn Windows file artefacts along with Windows Registry and Windows Memory forensics. And you will learn to work with PowerShell scripting for forensic applications and Windows email forensics. Microsoft Azure and cloud forensics are discussed and you will learn how to extract from the cloud. By the end of the book you will know data-hiding techniques in Windows and learn about volatility and a Windows Registry cheat sheet.

What Will You Learn

• Understand Windows architecture
• Recover deleted files from Windows and the recycle bin
• Use volatility and PassMark volatility workbench
• Utilize Windows PowerShell scripting for forensic applications

Who This Book Is For

Windows administrators, forensics practitioners, and those wanting to enter the field of digital forensics

Dr. Chuck Easttom is the author of 39  books, including several on computer security, forensics, and cryptography.  He is also an inventor with 25 patents and the author of over 70 research papers.  He holds a Doctor of Science in cyber security, a Ph.D. in Nanotechnology,  a Ph.D. in computer science, and three master's degrees.

Dr. William Butler is Vice President of Academic Affairs and Executive Director of the Center for Cybersecurity Research and Analysis (CCRA) at Capitol Technology University (Located in Laurel, Maryland). Before this appointment, Bill served as the Chair of Cybersecurity programs for eight years.

Jessica Phelan is a computer science graduate student at Vanderbilt University. She is currently doing research in natural language processing at the University of Texas at Austin.

Ramya Sai Bhagavatula is a Cybersecurity enthusiast and holds a Security+ Certification from CompTIA. She is currently working as an AI Engineer for a medical organization, Baylor Genetics, where she is using her AI expertise to work with genomic data to bring out valuable insights and predictions. She has previously worked for NASA as a Deep Learning Research Intern, where she developed deep learning models to effectively predict severe climate patterns. She was also a lead Data Analyst Intern at an arts organization, Houston Arts Alliance, where she was involved in analyzing in-depth patterns and providing recommendations for their future art grants. Through her dedication to continuous learning and professional development, she pursued her Master's in Data Analytics at UH and is currently pursuing her second Master's in Computer Science at Vanderbilt University. She is also 3x Microsoft Certified in AI and Data Engineering. She aspires for her future career path to involve Cybersecurity, Quantum Computing, and AI. In her free time, she loves to volunteer at local organizationsto raise awareness about Computer Science among underprivileged school students. She has also received the Presidential Volunteer Service Award for her volunteer services. 

Sean Steuber has a BS in Engineering from University of Alabama, an MS in Computer Science from Vanderbilt University, and eight years of professional computer science experience.

Karely Rodriguez is a first-generation DACA recipient and a woman pursuing STEM. She earned a Bachelor's of Science in Computer Science and minored in Mathematics at the University of Washington and has continued her education in achieving a Masters of Computer Science from Vanderbilt University.

Victoria Indy Balkissoon is working in the Naval Enterprise Research Data Science (N.E.R.D.S.) team at NAWCTSD Orlando where she currently works on developing software applications and data science solutions for the US NAVY. She is also currently pursuing a Master's degree inComputer Science at Vanderbilt University.

Zehra Naseer has an MS in Ccmputer Science from Vanderbilt University.

---

This book is your comprehensive guide to Windows forensics. It covers the process of conducting or performing a forensic investigation of systems that run on Windows operating systems. It also includes analysis of incident response, recovery, and auditing of equipment used in executing any criminal activity.The book covers Windows registry, architecture, and systems as well as forensic techniques, along with coverage of how to write reports, legal standards, and how to testify. It starts with an introduction to Windows followed by forensic concepts and methods of creating forensic images. You will learn Windows file artefacts along with Windows Registry and Windows Memory forensics. And you will learn to work with PowerShell scripting for forensic applications and Windows email forensics. Microsoft Azure and cloud forensics are discussed and you will learn how to extract from the cloud. By the end of the book you will know data-hiding techniques in Windows and learn about volatility and a Windows Registry cheat sheet.What Will You LearnUnderstand Windows architectureRecover deleted files from Windows and the recycle binUse volatility and PassMark volatility workbenchUtilize Windows PowerShell scripting for forensic applicationsWho This Book Is ForWindows administrators, forensics practitioners, and those wanting to enter the field of digital forensics