Windows Forensics is the most comprehensive and up-to-date resource for those wishing to leverage the power of Linux and free software in order to quickly and efficiently perform forensics on Windows systems. It is also a great asset for anyone that would like to better understand Windows internals.
Windows Forensics will guide you step by step through the process of investigating a computer running Windows. Whatever the reason for performing forensics on a Windows system, be it incident response, a criminal investigation, suspected data ex-filtration, or data recovery, this book will tell you what you need to know in order to perform the vast majority of investigations. All of the tools discussed in this book are free and most are also open source.
Dr. Philip Polstra shows how to leverage numerous tools such as Python, shell scripting, and MySQL to quickly, easily, and accurately analyze Windows systems. While readers will have a strong grasp of Python and shell scripting by the time they complete this book, no prior knowledge of either of these scripting languages is assumed. Windows Forensics begins by showing you how to determine if there was an incident with minimally invasive techniques. Once it appears likely that an incident has occurred, Dr. Polstra shows you how to collect data from a live system before shutting it down for the creation of filesystem images.
Windows Forensics contains extensive coverage of Windows FAT and NTFS filesystems. A large collection of Python and shell scripts for creating, mounting, and analyzing filesystem images are presented in this book. The treasure trove of data found in the Windows Registry and other artifacts are discussed in detail. Dr. Polstra introduces readers to the exciting new field of memory analysis using the Volatility framework. Discussion of malware analysis rounds out the book.
- 554 pages in large, easy-to-read 8.5 x 11 inch format
- Over 11,000 lines of Python scripts with explanations
- Over 500 lines of shell and command scripts with explanations
- A 96 page chapter covering the FAT filesystem in detail
- A 164 page chapter on NTFS filesystems
- Multiple scenarios described in detail with images available from the book website
- All scripts and other support files are available from the book website
|Product dimensions:||8.50(w) x 11.00(h) x 1.12(d)|
About the Author
Dr. Polstra has developed degree programs in digital forensics and ethical hacking while serving as a professor and Hacker in Residence at a private university in the Midwestern United States. He currently teaches in one of the top Digital Forensics degree programs in the United States at Bloomsburg University of Pennsylvania. In addition to teaching, he provides training and performs penetration tests on a consulting basis. When not working, he has been known to fly, build aircraft, and tinker with electronics. He is an accomplished aviator with thousands of hours of flight time and a dozen ratings as a pilot, flight instructor, mechanic, aircraft inspector, and avionics specialist. His latest happenings can be found on his website http://philpolstra.com. You can also follow him at @ppolstra on Twitter.
Dr. Polstra authored Hacking and Penetration Testing with Low Power Devices (Syngress, 2014) in which he showed the world how to easily build drop boxes, hacking consoles, and remote hacking drones with the BeagleBone Black and similar devices. Techniques described in this book permit security penetration tests to be performed with multiple, possibly battery powered, devices which are controlled by a user up to two miles away from the target organization.
His book, Linux Forensics (Pentester Academy, 2015), is the most comprehensive and up-to-date resource available to anyone wishing to perform forensics on Linux systems. The first printing of this book sold out in under twenty five hours. This book is considered a must have by a number of forensic investigators around the world.
His latest book, Windows Forensics (Pentester Academy, 2016), is the top resource available to anyone wishing to perform forensics on Windows systems. This book brings forensics to the masses by showing them how to leverage the power of Linux and free software to perform forensics on Windows systems.