Operating System Forensics

Operating System Forensics is the first book to cover all three critical operating systems for digital forensic investigations in one comprehensive reference. Users will learn how to conduct successful digital forensic examinations in Windows, Linux, and Mac OS, the methodologies used, key technical concepts, and the tools needed to perform examinations. Mobile operating systems such as Android, iOS, Windows, and Blackberry are also covered, providing everything practitioners need to conduct a forensic investigation of the most commonly used operating systems, including technical details of how each operating system works and how to find artifacts. This book walks you through the critical components of investigation and operating system functionality, including file systems, data recovery, memory forensics, system configuration, Internet access, cloud computing, tracking artifacts, executable layouts, malware, and log files. You'll find coverage of key technical topics like Windows Registry, /etc directory, Web browers caches, Mbox, PST files, GPS data, ELF, and more. Hands-on exercises in each chapter drive home the concepts covered in the book. You'll get everything you need for a successful forensics examination, including incident response tactics and legal requirements. Operating System Forensics is the only place you'll find all this covered in one book. Covers digital forensic investigations of the three major operating systems, including Windows, Linux, and Mac OS Presents the technical details of each operating system, allowing users to find artifacts that might be missed using automated tools Hands-on exercises drive home key concepts covered in the book. Includes discussions of cloud, Internet, and major mobile operating systems such as Android and iOS

Operating System Forensics is the first book to cover all three critical operating systems for digital forensic investigations in one comprehensive reference.

Users will learn how to conduct successful digital forensic examinations in Windows, Linux, and Mac OS, the methodologies used, key technical concepts, and the tools needed to perform examinations.

Mobile operating systems such as Android, iOS, Windows, and Blackberry are also covered, providing everything practitioners need to conduct a forensic investigation of the most commonly used operating systems, including technical details of how each operating system works and how to find artifacts.

This book walks you through the critical components of investigation and operating system functionality, including file systems, data recovery, memory forensics, system configuration, Internet access, cloud computing, tracking artifacts, executable layouts, malware, and log files. You'll find coverage of key technical topics like Windows Registry, /etc directory, Web browers caches, Mbox, PST files, GPS data, ELF, and more. Hands-on exercises in each chapter drive home the concepts covered in the book. You'll get everything you need for a successful forensics examination, including incident response tactics and legal requirements. Operating System Forensics is the only place you'll find all this covered in one book.

• Covers digital forensic investigations of the three major operating systems, including Windows, Linux, and Mac OS
• Presents the technical details of each operating system, allowing users to find artifacts that might be missed using automated tools
• Hands-on exercises drive home key concepts covered in the book.
• Includes discussions of cloud, Internet, and major mobile operating systems such as Android and iOS

This book covers all three critical operating systems for digital forensic investigations. Users will learn how to conduct successful digital forensic examinations in Windows, Linux, and Mac OS, the methodologies used, key technical concepts, and the tools needed to perform examinations. Mobile operating systems such as Android, iOS, Windows, and Blackberry are also covered. It walks you through the critical components of investigation and operating system functionality, including file systems, data recovery, memory forensics, system configuration, Internet access, cloud computing, tracking artifacts, executable layouts, malware, and log files. Technical topics include: Windows Registry, /etc directory, web browers caches, Mbox, PST files, GPS data, ELF, and more. Hands-on exercises in each chapter drive home the concepts covered in the book. -- Edited summary from book Content: Front matter,Copyright,Dedication,Foreword,PrefaceEntitled to full textChapter 1 - Forensics and Operating Systems, Pages 1-17 Chapter 2 - File Systems, Pages 19-62 Chapter 3 - Data and File Recovery, Pages 63-93 Chapter 4 - Memory Forensics, Pages 95-127 Chapter 5 - System Configuration, Pages 129-156 Chapter 6 - Web Browsing, Pages 157-180 Chapter 7 - Tracking Artifacts, Pages 181-198 Chapter 8 - Log Files, Pages 199-223 Chapter 9 - Executable Programs, Pages 225-264 Chapter 10 - Malware, Pages 265-299 Chapter 11 - Mobile Operating Systems, Pages 301-329 Chapter 12 - Newer Technologies, Pages 331-349 Chapter 13 - Reporting, Pages 351-361 Subject Index, Pages 363-374 "Covers digital forensic investigations of the three major operating systems, including Windows, Linux, and Mac OS. Presents the technical details of each operating system, allowing users to find artifacts that might be missed using automated tools. Hands-on exercises drive home key concepts covered in the book. Includes discussions of cloud, Internet, and major mobile operating systems such as Android and iOS."--Publisher web site