
Windows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 7

by Harlan Carvey
Edition: 3rd
ISBN13: 9781597497275
ISBN10: 1597497274
Format: Paperback
Pub. Date: 1/27/2012
Publisher(s): Elsevier Science Ltd
List Price: $69.95


Summary

Author Harlan Carvey has brought his best-selling book up to date to give you, the responder, examiner, or analyst, the must-have toolkit for your job. Windows is the largest operating system on desktops and servers worldwide, which means more intrusions, malware infections, and cybercrime happen on these systems. Windows Forensic Analysis DVD Toolkit, 2E covers both live and post-mortem response collection and analysis methodologies, addressing material that is applicable to law enforcement, the federal government, students, and consultants. The book is also accessible to system administrators, who are often the front line when an incident occurs but, due to staffing and budget constraints, do not have the necessary knowledge to respond effectively. The book's companion DVD contains significant new and updated materials (movies, spreadsheets, code, etc.) not available anyplace else, because they are created and maintained by the author.

- Best-selling Windows digital forensics book, completely updated in this 2nd edition
- Learn how to analyze data during live and post-mortem investigations
- DVD includes custom tools, updated code, movies, and spreadsheets
- A brand-new chapter, "Forensic Analysis on a Budget," collects freely available tools that are essential for small labs, state (or below) law enforcement, and educational organizations
- New pedagogical elements (Lessons from the Field, Case Studies, and War Stories) present real-life experiences from the trenches by an expert in the trenches, making the material real and showing the why behind the how
- The companion DVD contains new, significant, and unique materials (movies, spreadsheets, code, etc.) not available anyplace else, because they were created by the author

Author Biography

Harlan Carvey (CISSP) is Vice President of Advanced Security Projects with Terremark Worldwide, Inc., which is headquartered in Miami, FL. Harlan has provided forensic analysis services for the hospitality industry, financial institutions, as well as federal government and law enforcement agencies. Harlan resides in Northern Virginia with his family.

Table of Contents

Preface, p. xi
Acknowledgments, p. xvii
About the Author, p. xix
About the Technical Editor, p. xxi
Analysis Concepts, p. 1
  Introduction, p. 1
  Analysis Concepts, p. 3
  Windows Versions, p. 4
  Analysis Principles, p. 6
  Documentation, p. 15
  Convergence, p. 16
  Virtualization, p. 17
  Setting Up an Analysis System, p. 19
  Summary, p. 22
Immediate Response, p. 23
  Introduction, p. 23
  Being Prepared to Respond, p. 24
  Questions, p. 25
  The Importance of Preparation, p. 28
  Logs, p. 31
  Data Collection, p. 36
  Training, p. 39
  Summary, p. 40
Volume Shadow Copies, p. 43
  Introduction, p. 43
  What Are "Volume Shadow Copies"?, p. 44
  Registry Keys, p. 45
  Live Systems, p. 46
  ProDiscover, p. 49
  F-Response, p. 50
  Acquired Images, p. 52
  VHD Method, p. 54
  VMWare Method, p. 58
  Automating VSC Access, p. 62
  ProDiscover, p. 64
  Summary, p. 67
  Reference, p. 67
File Analysis, p. 69
  Introduction, p. 70
  MFT, p. 70
  File System Tunneling, p. 76
  Event Logs, p. 78
  Windows Event Log, p. 82
  Recycle Bin, p. 85
  Prefetch Files, p. 88
  Scheduled Tasks, p. 92
  Jump Lists, p. 95
  Hibernation Files, p. 101
  Application Files, p. 102
  Antivirus Logs, p. 103
  Skype, p. 104
  Apple Products, p. 105
  Image Files, p. 106
  Summary, p. 108
  References, p. 109
Registry Analysis, p. 111
  Introduction, p. 112
  Registry Analysis, p. 112
  Registry Nomenclature, p. 113
  The Registry as a Log File, p. 114
  USB Device Analysis, p. 115
  System Hive, p. 128
  Software Hive, p. 131
  User Hives, p. 139
  Additional Sources, p. 148
  Tools, p. 150
  Summary, p. 153
  References, p. 153
Malware Detection, p. 155
  Introduction, p. 156
  Malware Characteristics, p. 156
  Initial Infection Vector, p. 158
  Propagation Mechanism, p. 160
  Persistence Mechanism, p. 162
  Artifacts, p. 165
  Detecting Malware, p. 168
  Log Analysis, p. 169
  Antivirus Scans, p. 173
  Digging Deeper, p. 177
  Seeded Sites, p. 191
  Summary, p. 193
  References, p. 193
Timeline Analysis, p. 195
  Introduction, p. 196
  Timelines, p. 196
  Data Sources, p. 198
  Time Formats, p. 199
  Concepts, p. 200
  Benefits, p. 202
  Format, p. 204
  Creating Timelines, p. 210
  File System Metadata, p. 211
  Event Logs, p. 217
  Prefetch Files, p. 221
  Registry Data, p. 222
  Additional Sources, p. 224
  Parsing Events into a Timeline, p. 225
  Thoughts on Visualization, p. 228
  Case Study, p. 229
  Summary, p. 232
Application Analysis, p. 233
  Introduction, p. 233
  Log Files, p. 235
  Dynamic Analysis, p. 236
  Network Captures, p. 241
  Application Memory Analysis, p. 243
  Summary, p. 244
  References, p. 244
Index, p. 245
Table of Contents provided by Ingram. All Rights Reserved.