Windows Forensics: The Field Guide for Corporate Computer Investigations

Refer to the following list for additional resources:

• Autoruns Autostart Viewer From SysInternals

  • http://www.sysinternals.com/ntw2k/freeware/autoruns.shtml

• FileMon File Monitor From SysInternals

  • http://www.sysinternals.com/Utilities/Filemon.html

• Microsoft Registry Viewer

  • http://www.microsoft.com/downloads/details.aspx?FamilyID=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en

• RegMon Registry Monitor From SysInternals

  • http://www.sysinternals.com/Utilities/Regmon.html

• RegShot Registry Snapshot Tool

  • http://www.majorgeeks.com/download965.html

• Windows Secret Explorer

  • http://www.lastbit.com/wse/default.asp

• WinISO CD Image Editor

  • http://www.winiso.com