Computer Forensic specialisations
• File Systems Forensics
• Memory Forensics
• Network Forensics
• Malware Analysis
• OS Specific (aka Windows Forensics, *nix)
• Incident Response
• Mobile Forensics
• Internet Forensics
• Registry Forensics
• Hardware & Electronics
• Here you can read more on forensic specialisations
Get experience in as many as you can, then specialise!
Time Line of events (log2timeline)
• evt - Parse the content of a Windows 2k/XP/2k3 Event Log
• evtx - Parse the content of a Windows XML Event Log (EVTX) file
• exif - Extract metadata information from files using ExifTool
• ff_bookmark - Parse the content of a Firefox bookmark file
• firefox2 - Parse the content of a Firefox 2 browser history
• firefox3 - Parse the content of a Firefox 3 history file
• iehistory - Parse the content of an index.dat file containing IE history
• chrome - Parse the content of a Chrome history file
• opera - Parse the content of an Opera global history file
• mactime - Parse the content of a body file in the mactime format
• mcafee - Parse the content of a log file
• pdf - Parse some of the available PDF document metadata
• prefetch - Parse the content of the Prefetch directory
• recycler - Parse the content of the recycle bin directory
• restore - Parse the content of the restore point directory
• setupapi - Parse the content of the SetupAPI log file in Windows XP
• userassist - Parse the NTUSER.DAT registry file
• win_link - Parse the content of a Windows shortcut file (or a link file)
• xpfirewall - Parse the content of an XP Firewall log