This chapter focused on interacting with the various Windows APIs to capture information at the operating system level via the design and implementation of a keylogger. Through this exploration, you learned how screenshots are formed, where keyboard events are passed, methods to access the clipboard, and information available about processes on the system. Though this code may appear different than other chapters, it greatly expands the number of libraries we are exposed to, increasing the number of resources available to us as examiners. Visit https://packtpub.com/books/content/support to download the code bundle for this and all previous chapters.
In the next chapter, we will explore how to parse PST files, which are email archives containing a wealth of information. We will take parsed raw data from these PSTs and create informative graphics in a convenient HTML report.