For Step 3 of the digital forensics examination and analysis phase we need to discuss the types of data commonly analyzed in digital forensics cases, the tools capable of performing the analysis, and commonly used steps investigators use with tools to perform the analysis. You will need to pick two of the three evidence sources and provide evidentiary data commonly recovered from these sources, and the tools and examination/analysis used to draw conclusions about threat behavior.
Pick two of the three evidence sources and provide evidentiary data commonly recovered from these sources, and the tools and examination/analysis used to draw conclusions about threat behavior.
Source #1: Windows and Network log files (Ch. 15)
Discuss the types of user data Windows and Network log files contain and the tools and steps used to analyze this data.
Source #2: Registry (Ch. 15)
Discuss the names of the Registry locations containing incriminating user data, what the data reveals about user behavior, and the tools and steps used to analyze this data.
Source #3: Web/Internet Browser History (Ch. 15)
Discuss the types of incriminating user data that can be found within web and Internet browser history, and the tools and steps used to analyze this data. with references
