OS Forensic Techniques Guide

This document discusses operating system forensics and focuses on Windows and Mac forensics. It covers collecting volatile system information like logged on users, open files, and running processes from Windows systems. It also covers collecting non-volatile information such as the Windows registry, event logs, and page file. The document notes the importance of analyzing the clipboard contents, Windows search index, and hidden partitions when performing Windows forensics and mentions analyzing Mac systems as well.

Uploaded by

يُ يَ

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

191 views30 pages

OS Forensic Techniques Guide

Uploaded by

يُ يَ

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 30

OS FORENSIC

OBJECTIVES
What is an OS?
Functions of an OS
OPERATING SYSTEM INTERFACE
What is OS Forensic?
Windows forensics
Collecting Volatile Information
System Time
LoggedOn Users
Open Files
Network Connections
Process Information
Process to Port Mapping
Network Status
Print Spool Files
Clipboard Contents

• • The clipboard is simply an area of memory where data can be

stored for later use.
• • Most Windows applications provide this functionality through the
Edit option on
• the menu bar.
• • Clicking Edit reveals a drop-down menu with choices like Cut, Copy,
and Paste
Collecting Non Volatile Information
Windows Registry Analysis
Event Logs
Slack Space
Virtual Memory
Page File
Windows Search Index
Collecting Hidden Partition Information
MAC FORENSICS

Forensic Data Acquisition Guide
100% (1)
Forensic Data Acquisition Guide
45 pages
291 Exam 1
100% (1)
291 Exam 1
11 pages
Operating System CS211L Lab - 01 Ubuntu Installation
No ratings yet
Operating System CS211L Lab - 01 Ubuntu Installation
16 pages
Cyber Security Lab Manual
No ratings yet
Cyber Security Lab Manual
52 pages
MapR Sandbox For Hadoop DocUpdateFor3.1.1
No ratings yet
MapR Sandbox For Hadoop DocUpdateFor3.1.1
7 pages
Install Windows Server 2016 on VM
No ratings yet
Install Windows Server 2016 on VM
8 pages
8 Introduction To IDA Pro
No ratings yet
8 Introduction To IDA Pro
34 pages
Learning Malware Analysis
No ratings yet
Learning Malware Analysis
113 pages
Module 02 - Footprinting and Reconnaissance - Lab 4 - Perform Website Footprinting
No ratings yet
Module 02 - Footprinting and Reconnaissance - Lab 4 - Perform Website Footprinting
41 pages
Java Installation Guide for Students
No ratings yet
Java Installation Guide for Students
4 pages
10 KnowledgeC Investigation
No ratings yet
10 KnowledgeC Investigation
42 pages
Blockchain for Tech Enthusiasts
No ratings yet
Blockchain for Tech Enthusiasts
1 page
Int242 Cyber Security Essentials
No ratings yet
Int242 Cyber Security Essentials
2 pages
Security Tool Exercises: MBSA & Nmap
No ratings yet
Security Tool Exercises: MBSA & Nmap
5 pages
Se161148 Lab2 3.2,4,6.1
No ratings yet
Se161148 Lab2 3.2,4,6.1
34 pages
DMF Lab Manual
No ratings yet
DMF Lab Manual
31 pages
Hadoop Setup for Beginners
No ratings yet
Hadoop Setup for Beginners
4 pages
Endian Firewall Administrators Guide
No ratings yet
Endian Firewall Administrators Guide
296 pages
CS Unit 5
No ratings yet
CS Unit 5
7 pages
Network Protocols and Port Numbers
No ratings yet
Network Protocols and Port Numbers
25 pages
Python-Nmap - Nmap From Python
No ratings yet
Python-Nmap - Nmap From Python
7 pages
Ics2305 Systems Programming Lecture Notes
No ratings yet
Ics2305 Systems Programming Lecture Notes
73 pages
Notepad Internals: Extern Labs Pvt. Ltd. 22/2/2022
No ratings yet
Notepad Internals: Extern Labs Pvt. Ltd. 22/2/2022
7 pages
#1 Hashing
No ratings yet
#1 Hashing
22 pages
Student Enrollment Form
No ratings yet
Student Enrollment Form
1 page
Ty Linux MCQ
No ratings yet
Ty Linux MCQ
8 pages
Operating Systems Course Outline
No ratings yet
Operating Systems Course Outline
50 pages
INT250
No ratings yet
INT250
2 pages
Integrating Snort With OSSIM PDF
No ratings yet
Integrating Snort With OSSIM PDF
6 pages
Ii BSC - Operating System Material
No ratings yet
Ii BSC - Operating System Material
87 pages
FortiOS 7.6 Troubleshooting Cheat Sheet
No ratings yet
FortiOS 7.6 Troubleshooting Cheat Sheet
6 pages
Cloud Computing Lab Manual-New
No ratings yet
Cloud Computing Lab Manual-New
150 pages
PortFast and UplinkFast
No ratings yet
PortFast and UplinkFast
8 pages
UNIX/Linux Overview & Commands
No ratings yet
UNIX/Linux Overview & Commands
12 pages
System Programming Question Bank
50% (2)
System Programming Question Bank
6 pages
Winappdbg 1.5 Tutorial
No ratings yet
Winappdbg 1.5 Tutorial
79 pages
Introduction To Linux Operating System
No ratings yet
Introduction To Linux Operating System
31 pages
Guide To Operating Systems Security
No ratings yet
Guide To Operating Systems Security
2 pages
Practical Exercise 4 - Configuring Dhcpv4 On A Router
No ratings yet
Practical Exercise 4 - Configuring Dhcpv4 On A Router
9 pages
Tools of The Trade - Linux, SQL
No ratings yet
Tools of The Trade - Linux, SQL
17 pages
How To Set Up A Hadoop Cluster in Docker
No ratings yet
How To Set Up A Hadoop Cluster in Docker
13 pages
Hadoop Python MapReduce Tutorial For Beginners
No ratings yet
Hadoop Python MapReduce Tutorial For Beginners
15 pages
Mohammed J. Zaki and Wagner Meira, JR: Second Edition Cambridge University Press, March 2020 ISBN: 978-1108473989
No ratings yet
Mohammed J. Zaki and Wagner Meira, JR: Second Edition Cambridge University Press, March 2020 ISBN: 978-1108473989
1 page
OS Concepts for Computer Science Students
No ratings yet
OS Concepts for Computer Science Students
10 pages
Educational Technology & Education Conferences #41 June To December 2019 Clayton R Wright
No ratings yet
Educational Technology & Education Conferences #41 June To December 2019 Clayton R Wright
147 pages
Evolution of Machine Learning
No ratings yet
Evolution of Machine Learning
23 pages
Nmap Script Scanning for Sysadmins
No ratings yet
Nmap Script Scanning for Sysadmins
5 pages
Complete OS Notes For Degree Student
No ratings yet
Complete OS Notes For Degree Student
127 pages
Full Stack UNIT 3
No ratings yet
Full Stack UNIT 3
36 pages
Bulloch Faqs: Olutions To Some of The Most Common Transaction Issues
No ratings yet
Bulloch Faqs: Olutions To Some of The Most Common Transaction Issues
14 pages
Basic Openvas Tutorial
No ratings yet
Basic Openvas Tutorial
3 pages
BgiData QB
100% (1)
BgiData QB
3 pages
Linux Lab
No ratings yet
Linux Lab
4 pages
Installation of Hadoop in Windows10
No ratings yet
Installation of Hadoop in Windows10
4 pages
IA 400 Malware Analysis Syllabus
No ratings yet
IA 400 Malware Analysis Syllabus
5 pages
Bind 9
No ratings yet
Bind 9
33 pages
Chapter 4 Operating System Security
No ratings yet
Chapter 4 Operating System Security
56 pages
HP Fortify Static Code Analyzer: User Guide
No ratings yet
HP Fortify Static Code Analyzer: User Guide
136 pages
Day 19
No ratings yet
Day 19
5 pages
Module 07 Windows Forensics
100% (2)
Module 07 Windows Forensics
19 pages
Python Basics - Python Syntax: Whitespace and Indentation
No ratings yet
Python Basics - Python Syntax: Whitespace and Indentation
18 pages
Computer Forensics FAQ Guide
No ratings yet
Computer Forensics FAQ Guide
40 pages
Introduction To Malware
No ratings yet
Introduction To Malware
86 pages
Data Acquisition
No ratings yet
Data Acquisition
29 pages
Comprehensive Risk Management Guide
No ratings yet
Comprehensive Risk Management Guide
166 pages
(7-2) Math Show دالة الصحيح
No ratings yet
(7-2) Math Show دالة الصحيح
7 pages
Bus Cont Plan
No ratings yet
Bus Cont Plan
45 pages

OS Forensic Techniques Guide

Uploaded by

OS Forensic Techniques Guide

Uploaded by

OS FORENSIC

• • The clipboard is simply an area of memory where data can be

You might also like