You already know that you can extract quite a lot of useful forensic artifacts from a memory dump. But there is more: you can perform memory forensics even without a memory dump! There are files on the drive that contain some parts of memory. These files are pagefile.sys, swapfile.sys, and hiberfil.sys, and they are located at the system root (C:). In this recipe, we will show you how to extract browser data from pagefile.sys with Belkasoft Evidence Center.
Extracting web browser data from Pagefile.sys
by Scar de Courcier, Oleg Skulkin
Windows Forensics Cookbook
- Preface
- Digital Forensics and Evidence Acquisition
- Windows Memory Acquisition and Analysis
- Windows Drive Acquisition
- Windows File System Analysis
- Windows Shadow Copies Analysis
- Windows Registry Analysis
- Main Windows Operating System Artifacts
- Introduction
- Recycle Bin content analysis with EnCase Forensic
- Recycle bin content analysis with Rifiuti2
- Recycle bin content analysis with Magnet AXIOM
- Event log analysis with FullEventLogView
- Event log analysis with Magnet AXIOM
- Event log recovery with EVTXtract
- LNK file analysis with EnCase forensic
- LNK file analysis with LECmd
- LNK file analysis with Link Parser
- Prefetch file analysis with Magnet AXIOM
- Prefetch file parsing with PECmd
- Prefetch file recovery with Windows Prefetch Carver
- Web Browser Forensics
- Email and Instant Messaging Forensics
- Windows 10 Forensics
- Data Visualization
- Troubleshooting in Windows Forensic Analysis
Extracting web browser data from Pagefile.sys
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.