Preface | p. xi |
Acknowledgments | p. xvii |
About the Author | p. xix |
About the Technical Editor | p. xxi |
Analysis Concepts | p. 1 |
Introduction | p. 1 |
Analysis Concepts | p. 3 |
Windows Versions | p. 4 |
Analysis Principles | p. 6 |
Documentation | p. 15 |
Convergence | p. 16 |
Virtualization | p. 17 |
Setting Up an Analysis System | p. 19 |
Summary | p. 22 |
Immediate Response | p. 23 |
Introduction | p. 23 |
Being Prepared to Respond | p. 24 |
Questions | p. 25 |
The Importance of Preparation | p. 28 |
Logs | p. 31 |
Data Collection | p. 36 |
Training | p. 39 |
Summary | p. 40 |
Volume Shadow Copies | p. 43 |
Introduction | p. 43 |
What Are "Volume Shadow Copies"? | p. 44 |
Registry Keys | p. 45 |
Live Systems | p. 46 |
ProDiscover | p. 49 |
F-Response | p. 50 |
Acquired Images | p. 52 |
VHD Method | p. 54 |
VMWare Method | p. 58 |
Automating VSC Access | p. 62 |
ProDiscover | p. 64 |
Summary | p. 67 |
Reference | p. 67 |
File Analysis | p. 69 |
Introduction | p. 70 |
MFT | p. 70 |
File System Tunneling | p. 76 |
Event Logs | p. 78 |
Windows Event Log | p. 82 |
Recycle Bin | p. 85 |
Prefetch Files | p. 88 |
Scheduled Tasks | p. 92 |
Jump Lists | p. 95 |
Hibernation Files | p. 101 |
Application Files | p. 102 |
Antivirus Logs | p. 103 |
Skype | p. 104 |
Apple Products | p. 105 |
Image Files | p. 106 |
Summary | p. 108 |
References | p. 109 |
Registry Analysis | p. 111 |
Introduction | p. 112 |
Registry Analysis | p. 112 |
Registry Nomenclature | p. 113 |
The Registry as a Log File | p. 114 |
USB Device Analysis | p. 115 |
System Hive | p. 128 |
Software Hive | p. 131 |
User Hives | p. 139 |
Additional Sources | p. 148 |
Tools | p. 150 |
Summary | p. 153 |
References | p. 153 |
Malware Detection | p. 155 |
Introduction | p. 156 |
Malware Characteristics | p. 156 |
Initial Infection Vector | p. 158 |
Propagation Mechanism | p. 160 |
Persistence Mechanism | p. 162 |
Artifacts | p. 165 |
Detecting Malware | p. 168 |
Log Analysis | p. 169 |
Antivirus Scans | p. 173 |
Digging Deeper | p. 177 |
Seeded Sites | p. 191 |
Summary | p. 193 |
References | p. 193 |
Timeline Analysis | p. 195 |
Introduction | p. 196 |
Timelines | p. 196 |
Data Sources | p. 198 |
Time Formats | p. 199 |
Concepts | p. 200 |
Benefits | p. 202 |
Format | p. 204 |
Creating Timelines | p. 210 |
File System Metadata | p. 211 |
Event Logs | p. 217 |
Prefetch Files | p. 221 |
Registry Data | p. 222 |
Additional Sources | p. 224 |
Parsing Events into a Timeline | p. 225 |
Thoughts on Visualization | p. 228 |
Case Study | p. 229 |
Summary | p. 232 |
Application Analysis | p. 233 |
Introduction | p. 233 |
Log Files | p. 235 |
Dynamic Analysis | p. 236 |
Network Captures | p. 241 |
Application Memory Analysis | p. 243 |
Summary | p. 244 |
References | p. 244 |
Index | p. 245 |
Table of Contents provided by Ingram. All Rights Reserved.