Corey Harrell started a series of posts about VSC at the “Journey Into Incident Response” blog:
A nice paper:
“A paper about how Microsoft’s WOW64 technology unintentionally fools IT-Security analysts. “
Nice article on data gathering from MS Outlook files:
Nice post about timelining for Windows images:
There’s a nice article at SpiderLabs (Sniper Forensics – Part 1: A Brief History Lesson) which summarizes three interesting thesis and adopts them to modern problem solving and investigations (e.g. forensics).
Occam’s Razor / Lex Parsimoniae
(by William of Occam / Ockham)
When selecting hypothesis, the one that makes the fewest number of new assumptions is more likely to be correct.