Windows 7 forensics, like any other forms of digital investigations involves carrying out investigative activities on a computer to get evidence for criminal prosecution or other uses outside the courts. Typically, computer forensics involves four major steps, data preservation, data acquisition, data authentication, and data analysis. The first two steps involve bit by bit data acquisition and preservation of the hard drive data (Mare, 2014). The third step involves verification of the acquired hard drive data, while the last step, which is also the most important, involves analyzing and examining the data using various forensic tools.

You're lucky! Use promo "samples20"
and get a custom paper on
"Windows 7 Forensics"
with 20% discount!
Order Now

Windows 7 forensic investigations follow the above steps, but the investigators have to look for detailed information from various artifacts that come with the operating system. Averagely, a forensic investigator has to source data from over ten artifacts , which include my document artifacts, meta data artifacts, cookies, thumb cache, logo, jump lists, app data, root user folder, desktop, recycle bin, and registry artifacts (Mare, 2014). These artifacts give leads to different information and data. Therefore, based on the need for investigation and the data being sought, investigators can target specific artifacts. For example, when looking for application event information, forwarded event information, setup event information, and security event information, accessing the logo artifacts would be the best option.

Finally, after acquiring and preserving data from the artifacts named above, one goes ahead and initiates the third and fourth steps respectively. After verification of the retrieved data, the investigator should employ different forensic tools to determine any anomalies and inconsistencies in the information (Lee, & SANS DFIR Faculty, 2012). However, it is important to note that windows 7 forensic procedures may vary based on the target points and artifacts. The procedure finding out downloaded files varies from that used when finding out the deleted files. Thus it is important to know the exact target point and how to get data from the artifact involved.