Windows Forensic Analysis Including DVD Toolkit
One thing that many computer forensic examiners have noticed is an over reliance by investigators on what forensic analysis tools are telling them, without really understanding where this information is coming from or how it is being created or derived.
The age of “Nintendo forensics” (i.e., loading an acquired image into a forensic analysis application and pushing a button) is over. As analysts and examiners, we can no longer expect to investigate a case in such a manner. Cybercrime has increased in sophistication, and investigators need to understand what artifacts are available on a system, as well as how those artifacts are created and modified. With this level of knowledge, we come to understand that the absence of an artifact is itself an artifact. In addition, more and more presentations and material are available regarding anti-forensics, or techniques used to make forensic analysis more difficult. Moreover, there have been presentations at major conferences that discuss the anti-forensic technique of using the forensic analysts’ training and tools against them.
This book is intended to address the need for a more detailed, granular level of understanding. It attempts not only to demonstrate what information is available to the investigator on both a live Windows system and in an acquired image but also to provide information on how to locate additional artifacts that may be of interest.
Cross Site Scripting Attacks: Xss Exploits and Defense