1 |
Microsoft, "Inside the Registry," http://technet.microsoft.com/en-us/library/cc750583.aspx ; December 4, 2013[accessed March 2014].
|
2 |
Yogesh Khatri, "Amcache.hve in Windows 8 - Goldmine for malware hunters," http://www.swiftforensics.com/2013/12/amcachehve-in-windows-8-goldmine-for.html ; December 4, 2013[accessed March 2014].
|
3 |
Yogesh Khatri. "Amcache.hve - Part 2," http://www.swiftforensics.com/2013/12/amcachehve-part-2.html ; December 26, 2013[accessed March 2014).
|
4 |
Corey Harrell, "Revealing the RecentFile Cache.bcf File," http://journeyintoir.blogspot.in/2013/12/revealing-recentfilecachebcf-file.html ; December 2, 2013[access ed March 2014).
|
5 |
M. Russinovich and B. Cogswell, Microsof t, process monitor(2013) Available from http://technet.microsoft.com/en-ie/sysinternals/bb896645.aspx
|
6 |
Jain, Anu, and Gurpal Singh Chhabra, "Anti-forensics techniques: An analytical review," Contemporary Computing (IC3), 2014 Seventh International Conference on. IEEE, pp. 412-418, Aug. 2014.
|
7 |
Corey Harrell, "Revealing Program Compatibility Assistant HKCU AppCompatFlags Registry Keys," http://journeyintoir.blogspot.kr/2013/12/revealing-program-compatibility.html ; December 17, 2013[accessed March 2014).
|
8 |
Mark E. Russinovich, David A. Solomon and Alex Ionescu, Internals, 5th Ed., Microsoft press, pp. 332-333, 2009.
|
9 |
MSDN Blogs. "Misinformation and the The Prefetch Flag," http://blogs.msdn.com/b/ryanmy/archive/2005/05/25/421882.aspx ; December 17, 2013[accessed March 2014).
|
10 |
Chan-Youn Lee and Sangjin Lee, "Structure and application of IconCache.db files for digital forensics," Digital Investigation, vol. 11, no. 2, pp. 102-110, June. 2014.
DOI
|