Windows Forensic Analysis DVD Toolkit / Edition 2

by Harlan Carvey

ISBN-10: 1597494224

ISBN-13: 9781597494229

Pub. Date: 06/11/2009

Publisher: Elsevier Science

Overview

"If your job requires investigating compromised Windows hosts, you must read Windows Forensic Analysis." -Richard Bejtlich, Coauthor of Real Digital Forensics and Amazon.com Top 500 Book Reviewer

"The Registry Analysis chapter alone is worth the price of the book." -Troy Larson, Senior Forensic Investigator of Microsoft's IT Security Group

"I also found that the entire book could have been written on just registry forensics. However, in order to create broad appeal, the registry section was probably shortened. You can tell Harlan has a lot more to tell." -Rob Lee, Instructor and Fellow at the SANS Technology Institute, coauthor of Know Your Enemy: Learning About Security Threats, 2E

Author Harlan Carvey has brought his best-selling book up to date to give you, the responder, examiner, or analyst, the must-have toolkit for your job. Windows is the most widely deployed operating system on desktops and servers worldwide, which means that more intrusions, malware infections, and cybercrime happen on these systems than on any other. Windows Forensic Analysis DVD Toolkit, 2E covers both live and post-mortem response collection and analysis methodologies, addressing material that is applicable to law enforcement, the federal government, students, and consultants. The book is also accessible to system administrators, who are often the front line when an incident occurs but, due to staffing and budget constraints, do not have the necessary knowledge to respond effectively. The book's companion material, now available online, contains significant new and updated materials (movies, spreadsheets, code, etc.) not available anywhere else, because they are created and maintained by the author.

  • Best-Selling Windows Digital Forensic book completely updated in this 2nd Edition
  • Learn how to Analyze Data During Live and Post-Mortem Investigations
  • DVD Includes Custom Tools, Updated Code, Movies, and Spreadsheets!

Product Details

ISBN-13: 9781597494229
Publisher: Elsevier Science
Publication date: 06/11/2009
Edition description: Older Edition
Pages: 512
Product dimensions: 7.50(w) x 9.20(h) x 1.10(d)

Table of Contents

Chapter 1. Live Response: Collecting Volatile Data
Chapter 2. Live Response: Analyzing Volatile Data
Chapter 3. Windows Memory Analysis
Chapter 4. Registry Analysis
Chapter 5. File Analysis
Chapter 6. Executable File Analysis
Chapter 7. Rootkits and Rootkit Detection
Chapter 8. Tying It All Together
Chapter 9. Forensic Analysis on a Budget

Customer Reviews

m_s_ More than 1 year ago
Harlan has hit it out of the park again with great information for all computer forensic practitioners. This is a must read for anyone in the computer forensics field.
FRINGEINDEPENEDENTREVIEW More than 1 year ago
Are you thinking about performing forensic analysis of Windows systems? If you are, then this book is for you! Author Harlan Carvey has done an outstanding job of writing a second edition of a book that not only demonstrates what information is available to the investigator on both a live Windows system and in an acquired image, but also provides information on how to go about locating additional artifacts that may be of interest, and correlating multiple data sources to build a more complete picture of the incident. Author Carvey begins by addressing the basic issues of collecting volatile data from live systems. In addition, the author presents a framework for correlating and analyzing the data collected during a live response in order to develop a cohesive picture of activity on the system and make the analysis and identification of the root cause a bit easier and more understandable. He then provides a snapshot of what tools are available for performing memory collection and analysis, demonstrating what data can be collected from memory dumps. The author then presents the structure of the Registry, so that you'll be able to recognize Registry artifacts in binary data and unallocated space within an acquired image. The author continues by discussing the various files, file formats, and file metadata in detail, and the tools for extracting much of the information. In addition, the author shows how the examiner can determine which files are legitimate, as well as what artifacts to attribute to a particular piece of malware. He then addresses the topic of rootkits in the hopes of piercing the veil of mystery surrounding this particular type of malware, and presents the administrator, first responder, and forensic analyst with the necessary information to be able to locate and recognize a rootkit.
The author then shows you how information from different areas of your examination can be correlated and tied together to build a more complete picture, whether you're a law enforcement examiner attempting to disprove the Trojan Defense or a corporate analyst or consultant attempting to determine if a system may have been compromised. Finally, he shows you how forensic analysis is about process, not about tools. The goal of this most excellent book is to provide a resource for forensic analysts, investigators and incident responders. Perhaps more importantly, this book provides not only useful material for those currently performing forensic investigations, but also insight for system administrators who have been faced with incident response activities.