1. Frequently the first responder to a computer crime is the network administrator.
2. netstat is a command you can use with a forensic copy of a machine to compare two files.
3. The Windows Registry contains a list of USB devices that have been connected to the machine.
4. In Linux the command to set up a target forensics server to receive a copy of a drive is dd.
5. The chain of custody accounts for the handling of evidence and documents that handling.
6. Most Windows logs are turned on automatically.
7. Windows stores web browsing information in a file called index.dat.
8. Windows logging can be turned on and off with a tool called auditpol.exe.
9. The Windows command fc lists all active sessions to the computer.
10. The Windows Registry lists USB devices that have been connected to the machine.