What is digital forensics

-examination of digital storage and digital environments in order to determine what has happened

- also including monitoring in real time

-forensic investigating is collecting analysing and reporting

computer forensics face same scrutiny as an analysis of a fingerprint or DNA test

 

Types of crimes

computer theory chapter:

 

NTFS File systems:

 

types of file systems:

-partitions are stated in the partition table which are found in the master boot record

 

 

File Structures:

 

Data Representation:

 

Windows Registry:

encryption and hashing:

 

memory and paging:

 

notable artefacts :

 

Prefetch:

 

shellbags:

 

.LNK file

MRU – Stuff:

 

thumbcache:

 

windows event viewer:

 

program log files:

 

USB device history :

 

decryption and password enforcing: