Training
Featured CourseView All Courses
Get a free hour of SANS training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
Cloud Security Training
Can't find what you are looking for?

Let us help.

Contact us
Community Resources

SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

AI Risk & Readiness

Explore expert-driven guidance, training, and tools to help defend against AI-powered threats and adopt AI securely.

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations

Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Talk With an Expert
Talk With an Expert

Detailed Forensic Procedure for Laptop computers

Download File
Detailed Forensic Procedure for Laptop computers (PDF, 1.67MB)Published: 08 Aug, 2003
Created by
Matt Pierce

Forensic analysis is the process of accurately documenting and interpreting information for presentation to an authoritative group. In most situations that group would be a court of law, but management will often request forensic preservation of information as well. Due to the easily changeable nature of digital information, great care must be put into the handling of any forensic analysis. Evidence grade information must be unbiased, and complete before it can be relied upon. Not only must the data be collected, but also the original media must be preserved. Furthermore it is necessary to record the state of the computer that produced the data. Laptop computers present additional technical issues. The hardware in a laptop computer has typically been modified for energy preservation and size. These modifications can frustrate a forensic examiner's normal use of tools and procedures. This document will discuss what forensic analysis is and why it is important. Also discussed will be how laptop computers affect forensic analysis. Finally, this document will describe three procedures for developing forensic information from a laptop computer running a Microsoft operating system.

Additional resources

Hashing and Digital Evidence – Hunting

WhitepaperDigital Forensics and Incident Response
  • 8 Jul 2025

SANS 2025 CTI Survey Webcast & Forum: Navigating Uncertainty in Today’s Threat Landscape

WhitepaperDigital Forensics and Incident Response, Security Awareness, Cybersecurity and IT Essentials
  • 20 May 2025
  • Rebekah Brown, Andreas Sfakianakis

Beneath the Mask: Can Contribution Data Unveil Malicious Personas in Open-Source Projects?

WhitepaperArtificial Intelligence, Digital Forensics and Incident Response
  • 13 May 2025
  • SANS Institute

Catching the Hand in the Cookie Jar: Canary Session Cookies

WhitepaperDigital Forensics and Incident Response
  • 17 Apr 2025

A Pebble In the Ocean: Maximizing Log Fidelity In Container Environments

WhitepaperDigital Forensics and Incident Response, Security Awareness
  • 17 Apr 2025

SANS 2025 Threat Hunting Survey: Advancements in Threat Hunting Amid AI and Cloud Challenges

WhitepaperDigital Forensics and Incident Response
  • 13 Mar 2025
  • Josh Lemon

Related courses

  • Slide 1 of 16

    SEC402: Cybersecurity Writing: Hack the Reader

    Essentials
    SEC402Digital Forensics and Incident Response
    FOR528: Ransomware and Cyber Extortion
    • 12 CPEs / 12 Hours (Self-Paced)

    View course detailsRegister
  • Slide 2 of 16

    FOR589: Cybercrime Investigations

    Major UpdatesIntermediate
    FOR589Digital Forensics and Incident Response
    FOR589: Cybercrime Intelligence
    • 5 Days (Instructor-Led)
    • 30 CPEs / 30 Hours (Self-Paced)
    • Labs: 20 Hands-On Labs

    View course detailsRegister
  • Slide 3 of 16

    FOR585: Smartphone Forensic Analysis In-Depth

    Major UpdatesEssentials
    FOR585Digital Forensics and Incident Response
    FOR585: Smartphone Forensic Analysis In-Depth
    • GIAC Advanced Smartphone Forensics (GASF)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 22 Hands-On Labs

    View course detailsRegister
  • Slide 4 of 16

    FOR608: Enterprise-Class Incident Response & Threat Hunting

    Intermediate
    FOR608Digital Forensics and Incident Response
    FOR608: Enterprise-Class Incident Response & Threat Hunting
    • GIAC Enterprise Incident Responder (GEIR)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 20 Hands-On Labs

    View course detailsRegister
  • Slide 5 of 16

    FOR518: Mac and iOS Forensic Analysis and Incident Response

    Intermediate
    FOR518Digital Forensics and Incident Response
    FOR518: Mac and iOS Forensic Analysis and Incident Response
    • GIAC iOS and macOS Examiner (GIME)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 23 Hands-On Labs

    View course detailsRegister
  • Slide 6 of 16

    FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics

    Intermediate
    FOR508Digital Forensics and Incident Response
    FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
    • GIAC Certified Forensic Analyst (GCFA)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 35 Hands-On Labs

    View course detailsRegister
  • Slide 7 of 16

    FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques

    Advanced
    FOR610Digital Forensics and Incident Response
    FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
    • GIAC Reverse Engineering Malware (GREM)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 48 Hands-On Labs

    View course detailsRegister
  • Slide 8 of 16

    FOR578: Cyber Threat Intelligence

    Intermediate
    FOR578Digital Forensics and Incident Response
    FOR578: Cyber Threat Intelligence
    • GIAC Cyber Threat Intelligence (GCTI)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 20 Hands-On Labs

    View course detailsRegister
  • Slide 9 of 16

    FOR509: Enterprise Cloud Forensics and Incident Response

    Intermediate
    FOR509Digital Forensics and Incident Response
    FOR509: Enterprise Cloud Forensics and Incident Response
    • GIAC Cloud Forensics Responder (GCFR)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 20 Hands-On Labs

    View course detailsRegister
  • Slide 10 of 16

    FOR528: Ransomware and Cyber Extortion

    Intermediate
    FOR528Digital Forensics and Incident Response
    FOR528: Ransomware and Cyber Extortion
    • 4 Days (Instructor-Led)
    • 24 CPEs / 24 Hours (Self-Paced)
    • Labs: 13 Hands-On Labs

    View course detailsRegister
  • Slide 11 of 16

    FOR577: LINUX Incident Response and Threat Hunting

    newIntermediate
    FOR577Digital Forensics and Incident Response
    FOR577: LINUX Incident Response and Threat Hunting
    • GIAC Linux Incident Responder (GLIR)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 23 Hands-On Labs

    View course detailsRegister
  • Slide 12 of 16

    FOR710: Reverse-Engineering Malware: Advanced Code Analysis

    Advanced
    FOR710Digital Forensics and Incident Response
    FOR710: Reverse-Engineering Malware: Advanced Code Analysis
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 12 Hands-On Labs

    View course detailsRegister
  • Slide 13 of 16

    FOR498: Digital Acquisition and Rapid Triage

    Essentials
    FOR498Digital Forensics and Incident Response
    FOR498: Digital Acquisition and Rapid Triage
    • GIAC Battlefield Forensics and Acquisition (GBFA)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 20 Hands-On Labs

    View course detailsRegister
  • Slide 14 of 16

    SEC403: Secrets to Successful Cybersecurity Presentation

    Essentials
    SEC403Digital Forensics and Incident Response
    FOR500: Windows Forensic Analysis
    • 6 CPEs / 6 Hours (Self-Paced)

    View course detailsRegister
  • Slide 15 of 16

    FOR500: Windows Forensic Analysis

    Essentials
    FOR500Digital Forensics and Incident Response
    FOR500: Windows Forensic Analysis
    • GIAC Certified Forensic Examiner (GCFE)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 22 Hands-On Labs

    View course detailsRegister
  • Slide 16 of 16

    FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response

    Advanced
    FOR572Digital Forensics and Incident Response
    FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response
    • GIAC Network Forensic Analyst (GNFA)
    • 6 Days (Instructor-Led)
    • 36 CPEs / 36 Hours (Self-Paced)
    • Labs: 20 Hands-On Labs

    View course detailsRegister
Detailed Forensic Procedure for Laptop computers