The above article was extremely informative and very interesting.

I don't know if it was available when the first post was made, but Part Two is available and well worth the read.

Here's the intro for part two:

Introduction

This is the second of a two-part series of articles discussing the use of computer forensics in the examination of Windows-based computers. In Part One we discussed the wider legal issues raised by computer forensics and the benefits of pre-investigation preparation. In this article we will concentrate on the areas of a Windows file system that are likely to be of most interest to forensic investigators and the software tools that can be used to carry out an investigation.

Thanks for bringing this up, t2k2. Muchly appreciated!

You can find Part Two in full here.


L8R
D.