The majority of laptop, desktop, and network-based computers use Windows operating systems. This chapter will describe Windows in some detail and provide a brief description of other operating systems that are commonly examined. The chapter will provide you with an understanding of the complexity and nature of information processed on computers that assists forensic examinations and facilitates the recreation of key events relating to the presence of digital evidence stored in a range of operating systems.
The chapter will look at:
The Windows Registry and system files and logs as a resource of digital evidence
Apple and other operating system structures
Remote-access and malware attacks, and the prevalence of anti-forensics and the challenge it poses to the recovery of digital evidence
A case study relating to Windows Registry analysis