Windows Forensics: The Field Guide for Corporate Computer Investigations

Chapter 4: Partitions and File Systems

Table 4-1: Master Boot Record Partition Definition

Table 4-2: File System Compatibility

Table 4-3: FAT32 Boot Sector

Table 4-4: Root Directory Entry

Table 4-5: FAT Date Format

Table 4-6: LFN Entry Format

Table 4-7: NTFS Boot Sector

Table 4-8: $Standard_Information Attribute Fields

Table 4-9: NTFS DOS File Permissions

Table 4-10: $File_Name Attribute Definition

Chapter 5: Directory Structure and Special Files

Table 5-1: Key Windows NT/2000/2003/XP Directories

Table 5-2: Common Windows Files

Chapter 6: The Registry

Table 6-1: General Registry Keys

Table 6-2: Folder Location Registry Keys

Table 6-3: Recently Used Item Registry Keys

Table 6-4: Startup Item Registry Keys

Chapter 11: Log File Analysis

Table 11-1: Log-on Types

Table 11-2: Object Access Events

Table 11-3: HTTP Response Codes

Chapter 12: Internet Usage Analysis

Table 12-1: Activity Records

Table 12-2: FastTrack Client Fields