Abstract
Uncovering a computer user’s past activities is one of the most common tasks for a computer forensics investigator. Often, this task is straightforward and can be accomplished primarily through a detailed analysis of the relevant data and application files present on a system. However, a tremendous amount of information can also be discovered which might otherwise be thought lost or hidden. By discovering data on a computer which a suspect has tried to hide or destroy, or by uncovering information in the depths of the operating system (or even in areas no longer used by the operating system) an investigator may be able to gain vital evidence. This article describes some of the methods used by investigators to uncover these types of data on Windows systems.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
