Chad Steel
ISBN: 0-470-03862-4
Paper
408 pages
May 2006

The book can best be described as a handbook and guide for conducting computer investigations in a corporate setting, with a focus on the most prevalent operating system (Windows). The book is supplemented with sidebar/callout topics of current interest with greater depth, and case studies. The organization is broken into sections as follows:

Section 1: Computer Forensics Basics
The first section is a brief on the emerging field of computer forensics, what it takes to become a forensic analyst, and the basics for whats needed in a corporate forensics setting.

Section 2: Windows Basics for the Forensic Examiner
The Windows operating system family is comprised of several complex pieces of software. This section focuses specifically on the makeup of Windows from a forensic perspective, and details those components which will be analyzed in later chapters.

Section 3: Windows Forensics
Leveraging the contents of sections 1 and 2, this section brings together the investigative techniques fromsection 1 and the Windows specifics of section 2 and applies them to real analysis actions.