This chapter described the Windows operating system in some detail as well as other operating systems that are commonly examined, including Apple and Linux. Windows Registry, system files and logs, and some additional benefits of VSS recovery were introduced as a valuable resource for digital evidence recovery and analysis. The chapter also touched on remote access and malware attacks and the prevalence and challenges of anti-forensics that hamper the recovery and identification of evidence.
Chapter 8, Examining Browsers, E-mails, Messaging Systems, and Mobile Phones, will describe the processes of locating and recovering digital evidence relating to records of personal communications, including e-mails and browsing records stored in computer devices and telephonic communications retained on mobile phones. It will look specifically at the recovery of Internet browsing and search records and other messaging systems, including Skype and virtual private networks as well as e-mail analysis...