Practical Windows Forensics

Overview

Agenda

History

Impetus to Change

Impetus to Change

Changes

Forensics Goals

Basic Procedure

Preparation

Pre-inspection Procedures

Gather Tools

System Information
& Basic Configuration

Date & Time / Disk Layout

System Services

System Logs

Unauthorized Changes

Other

Findings

Summary

Follow-up

Questions and Comments