- Apr 25, 2015
- 1,847
- 2
- 2,202
- 327
What is covered in this PDF?
Overwritten data: Values and data in keys such as typed URLs may be over-written from one session to another
Registry Related Timeline Analysis: You may be able to determine user activity during a more extended time frame
Anti-Anti-Forensics: Technologically sophisticated users may attempt to “clean” their Registry
- Volume Shadow Copy Basics
- Shadow Copies on a Live Machine
- Some Command Line
- Shadow Explorer
- Working with Disk Images
- Some Registry Keys
Overwritten data: Values and data in keys such as typed URLs may be over-written from one session to another
Registry Related Timeline Analysis: You may be able to determine user activity during a more extended time frame
Anti-Anti-Forensics: Technologically sophisticated users may attempt to “clean” their Registry