Windows Forensics

Forensic Data Examination

The Data Examination Process Overview

Resources:

NIST SP800-86, Guide to Integrating Forensic Techniques into Incident Response (PDF)

Mounting a disk image using Arsenal Image Mounter

Arsenal Image Mounter Tutorial

Guide on Windows files and forensic artifacts

The FTK Imager Tool

Creating a triage data collection with KAPE

Download The Kroll Artifact Parser And Extractor (KAPE)
