I am not an expert. I have never claimed to be an expert at anything (at least not
seriously done so), least of all an expert in digital forensic analysis of Windows
systems. I am simply someone who has found an interest in my chosen field of
employment, and a passion to dig deeper. I enjoy delving into and extending the
investigative process, as well as exploring new ways to approach problems in the
field of digital forensic analysis. It was more than 13 years ago that I decided to
focus on Windows systems specifically, in large part because no one else on the
team I worked with at the time did so. We had folks who focused on routers and
firewalls, as well as those who focused on Linux; however, almost no effort, beyond
enabling configuration settings in the vulnerability scanner we used, was put toward
really understanding Windows systems. As I moved from vulnerability assessments
into incident response and digital forensic analysis, understanding what was happening
“under the hood” on Windows systems, understanding what actions could
create or modify certain artifacts, became a paramount interest. I am not an expert.

When I sat down to write this book, I wanted to take a different approach from
the second edition; that is, rather than starting with the manuscript from the previous
edition and adding new material, I wanted to start over completely and write
an entirely new book, creating a companion book to the second edition. As I was
writing the second edition, Windows 7 was gaining greater prominence in the marketplace,
and there has been considerably more effort dedicated toward and developments
as a result of research into Windows 7 artifacts. Even now, as I write this
book (summer 2011), Windows 8 is beginning to poke its head over the horizon,
and it likely won’t be too awfully long before we begin to see Windows 8 systems.
As such, there’s a good deal more to write about and address, so I wanted to write
a book that, rather than focusing on Windows XP and looking ahead now and again
to Windows 7, instead focused on Windows 7 as an analysis platform and target,
and referred back to previous versions of Windows when it made sense to do so.