Home > Computer Forensic on Windows Operating System

The mostly widely used operating system is Microsoft’s Windows. But at the same time it happens to be the most exploitable and vulnerable to attacks. Computer forensics investigation deals with analyzing the fundamentals of the computer system to gather evidence in a manner that is legally valid. As it is a known fact that almost all the operating system consist of a Big brother - kernel that is responsible for monitoring the activities of the user.

Even the third party software can be used to monitor the activities of the user. The Windows operating system allows the flexibility of installing most of the software. The usual procedure of windows computer forensic is briefly discussed below. Usually the files and data that are examined are the recycle bin to look out for the deleted files and folders, along with place holders etc. The information regarding file meta data is also important.

There are other things also that need the attention of the computer forensics professional. For example the date and time and the time stamps etc. The file summary data files are also scanned in windows forensics. The print spools as well as the remnants like the temporary files, print jobs, etc. The data that is unallocated for example the unallocated data carving which means recovering the files from an unallocated space. The unallocated data may also be from the embedded space.

The importance of log files and the link files exists in any operating system. So is it in the windows operating system. The windows log files that provide the information of the different users and their activities. The log file can be used to access the information like the login information – at what time the user has logged in and logged out. It is also used for system device access.

The registry file data is such information that need be considered for computer forensics. The registry file data can be viewed using the registry viewer. The important information that is observable includes the ntuser.dat type of files or the system files like protected storage data. Computer forensics professional should also deal to gain access to the Microsoft Encrypted File System - EFS component. They are also desired to parse the thumbnail lists from Windows and other applications programs.

The importance of windows registry is noticeable in computer forensics. Even the network administrators are required to have the specific knowledge of windows forensics. They are also required to have the knowledge of other various operating system artifacts which relate to computer forensic investigations.

There is training provided for the windows forensics by several organizations. There are even certification courses that enable the computer forensics professional to prove himself in the field of computer forensics. There is also an optional opportunity in Practical Skills Assessment – PSA.

The process requires the participant to apply the concepts that are presented during the curriculum of the course to be completed as a practical exercise. Those participants receive a certification that completes the exercises successfully. Prevention from hacking is also a part of windows forensics.

More Information
Intentional Data Loss
Operating System
Basics Computer Forensic
Software Computer Forensic
Computer Forensic Professional
Computer Forensics Impact
Need for Computer Forensics
Computer Forensic Service
Training
Policies
Computer Forensics Advantages
Computer Forensics Disadvantages
Online Support
Business Organization
Analysis Computer Forensics
Steganalysis
Evidence Tracking
Network Forensic Tool
Cryptography
Hackers
Cracker
Internet Security
Firewall
Network Forensic Tool
Acquiring Evidence