Windows Forensic Analysis Toolkit

  • Edition: 3rd
  • Format: Paperback
  • Copyright: 2012-01-27
  • Publisher: Syngress Media Inc
  • List Price: $69.95




Author Harlan Carvey has brought his best-selling book up to date to give you, the responder, examiner, or analyst, the must-have toolkit for your job. Windows is the most widely deployed operating system on desktops and servers worldwide, which means more intrusions, malware infections, and cybercrime happen on these systems. Windows Forensic Analysis DVD Toolkit, 2E covers both live and post-mortem response, collection, and analysis methodologies, addressing material that is applicable to law enforcement, the federal government, students, and consultants. The book is also accessible to system administrators, who are often the front line when an incident occurs but, due to staffing and budget constraints, do not have the necessary knowledge to respond effectively. The book's companion DVD contains significant new and updated materials (movies, spreadsheets, code, etc.) not available anywhere else, because they are created and maintained by the author.

  • Best-selling Windows digital forensics book, completely updated in this 2nd edition
  • Learn how to analyze data during live and post-mortem investigations
  • DVD includes custom tools, updated code, movies, and spreadsheets
  • A brand-new chapter, "Forensic Analysis on a Budget," collects freely available tools that are essential for small labs, state (or below) law enforcement, and educational organizations
  • New pedagogical elements, Lessons from the Field, Case Studies, and War Stories, present real-life experiences from the trenches by an expert in the trenches, making the material real and showing the why behind the how

Author Biography

Harlan Carvey (CISSP) is Vice President of Advanced Security Projects with Terremark Worldwide, Inc., which is headquartered in Miami, FL. Harlan has provided forensic analysis services for the hospitality industry, financial institutions, as well as federal government and law enforcement agencies. Harlan resides in Northern Virginia with his family.

Table of Contents

Preface (p. xi)
Acknowledgments (p. xvii)
About the Author (p. xix)
About the Technical Editor (p. xxi)

Analysis Concepts (p. 1)
  Introduction (p. 1)
  Analysis Concepts (p. 3)
  Windows Versions (p. 4)
  Analysis Principles (p. 6)
  Documentation (p. 15)
  Convergence (p. 16)
  Virtualization (p. 17)
  Setting Up an Analysis System (p. 19)
  Summary (p. 22)

Immediate Response (p. 23)
  Introduction (p. 23)
  Being Prepared to Respond (p. 24)
  Questions (p. 25)
  The Importance of Preparation (p. 28)
  Logs (p. 31)
  Data Collection (p. 36)
  Training (p. 39)
  Summary (p. 40)

Volume Shadow Copies (p. 43)
  Introduction (p. 43)
  What Are "Volume Shadow Copies"? (p. 44)
  Registry Keys (p. 45)
  Live Systems (p. 46)
  ProDiscover (p. 49)
  F-Response (p. 50)
  Acquired Images (p. 52)
  VHD Method (p. 54)
  VMWare Method (p. 58)
  Automating VSC Access (p. 62)
  ProDiscover (p. 64)
  Summary (p. 67)
  Reference (p. 67)

File Analysis (p. 69)
  Introduction (p. 70)
  MFT (p. 70)
  File System Tunneling (p. 76)
  Event Logs (p. 78)
  Windows Event Log (p. 82)
  Recycle Bin (p. 85)
  Prefetch Files (p. 88)
  Scheduled Tasks (p. 92)
  Jump Lists (p. 95)
  Hibernation Files (p. 101)
  Application Files (p. 102)
  Antivirus Logs (p. 103)
  Skype (p. 104)
  Apple Products (p. 105)
  Image Files (p. 106)
  Summary (p. 108)
  References (p. 109)

Registry Analysis (p. 111)
  Introduction (p. 112)
  Registry Analysis (p. 112)
  Registry Nomenclature (p. 113)
  The Registry as a Log File (p. 114)
  USB Device Analysis (p. 115)
  System Hive (p. 128)
  Software Hive (p. 131)
  User Hives (p. 139)
  Additional Sources (p. 148)
  Tools (p. 150)
  Summary (p. 153)
  References (p. 153)

Malware Detection (p. 155)
  Introduction (p. 156)
  Malware Characteristics (p. 156)
  Initial Infection Vector (p. 158)
  Propagation Mechanism (p. 160)
  Persistence Mechanism (p. 162)
  Artifacts (p. 165)
  Detecting Malware (p. 168)
  Log Analysis (p. 169)
  Antivirus Scans (p. 173)
  Digging Deeper (p. 177)
  Seeded Sites (p. 191)
  Summary (p. 193)
  References (p. 193)

Timeline Analysis (p. 195)
  Introduction (p. 196)
  Timelines (p. 196)
  Data Sources (p. 198)
  Time Formats (p. 199)
  Concepts (p. 200)
  Benefits (p. 202)
  Format (p. 204)
  Creating Timelines (p. 210)
  File System Metadata (p. 211)
  Event Logs (p. 217)
  Prefetch Files (p. 221)
  Registry Data (p. 222)
  Additional Sources (p. 224)
  Parsing Events into a Timeline (p. 225)
  Thoughts on Visualization (p. 228)
  Case Study (p. 229)
  Summary (p. 232)

Application Analysis (p. 233)
  Introduction (p. 233)
  Log Files (p. 235)
  Dynamic Analysis (p. 236)
  Network Captures (p. 241)
  Application Memory Analysis (p. 243)
  Summary (p. 244)
  References (p. 244)

Index (p. 245)
Table of Contents provided by Ingram. All Rights Reserved.
