Real Digital Forensics: Computer Security and Incident Response

ISBN-10: 0321240693
ISBN-13: 9780321240699
Edition: 2006

Description: This book and DVD set provides a practical hands-on approach to solving problems encountered when performing computer-related investigations.

Book details

List price: $79.99
Copyright year: 2006
Publisher: Addison Wesley Professional
Publication date: 9/23/2005
Binding: Mixed Media
Pages: 688
Size: 7.00" wide x 9.25" long x 1.75" tall
Weight: 1.584
Language: English

Preface
Acknowledgments
About the Authors
Case Studies
Live Incident Response
Windows Live Response
Analyzing Volatile Data
The System Date and Time
Current Network Connections
Open TCP or UDP Ports
Executables Opening TCP or UDP Ports
Cached NetBIOS Name Tables
Users Currently Logged On
The Internal Routing Table
Running Processes
Running Services
Scheduled Jobs
Open Files
Process Memory Dumps
Full System Memory Dumps
Analyzing Nonvolatile Data
System Version and Patch Level
File System Time and Date Stamps
Registry Data
The Auditing Policy
A History of Logins
System Event Logs
User Accounts
IIS Logs
Suspicious Files
Putting It All Together
Unix Live Response
Analyzing Volatile Data
The System Date and Time
Current Network Connections
Open TCP or UDP Ports
Executables Opening TCP or UDP Ports
Running Processes
Open Files
The Internal Routing Table
Loaded Kernel Modules
Mounted File Systems
Analyzing Nonvolatile Data
System Version and Patch Level
File System Time and Date Stamps
File System MD5 Checksum Values
Users Currently Logged On
A History of Logins
Syslog Logs
User Accounts
User History Files
Suspicious Files
Putting It All Together
Network-Based Forensics
Collecting Network-Based Evidence
Full Content Data
Session Data
Alert Data
Statistical Data
Putting NBE to Work
A Standard Intrusion Scenario
Using Full Content Data
Using Session Data
Using Alert Data
Using Statistical Data
Data Collection
Accessing the Wire
Collecting and Storing Traffic
Full Content Data Tools
Session Data Tools
Alert Data Tools
Statistical Data Tools
Putting It All Together
Analyzing Network-Based Evidence for a Windows Intrusion
Statistical Data: First Trace
Alert Data: First Trace
Session Data: First Trace
Full Content Data: First Trace
Statistical Data: Second Trace
Alert Data: Second Trace
Session Data: Second Trace
Full Content Data: Second Trace
Putting It All Together
Analyzing Network-Based Evidence for a Unix Intrusion
Statistical Data
Alert Data
Session Data
Full Content Data
Putting It All Together
Acquiring a Forensic Duplication
Before You Jump Right In...
Preparing for a Forensic Duplication
Document, Document, Document!
Commercial-Based Forensic Duplications
The Read-Only IDE-to-Firewire Device
Acquiring a Forensic Duplication with EnCase
Acquiring a Forensic Duplication with FTK
Noncommercial-Based Forensic Duplications
DD
Creating an Evidence File
Creating an Evidence Hard Drive
DD Rescue
DCFLDD
NED-The Open Source Network Evidence Duplicator
Forensic Analysis Techniques
Common Forensic Analysis Techniques
Recovering Deleted Files
Open Source Solutions
Commercial Solutions
Production of Time Stamps and Other Metadata for Files
Open Source Solutions
Commercial Solutions
Removing Known Files
Open Source Solutions
Commercial Solutions
File Signatures and Electronic Discovery
Open Source Solutions
Commercial Solutions
String Searching and File Fragments
Open Source Solutions
Commercial Solutions
Web Browsing Activity Reconstruction
Commercial Forensic Tools
Open Source Solutions
Pasco-An Open Source Web Browsing Investigation Tool
Galleta-An Open Source IE Cookie Investigation Tool
Putting It All Together
E-Mail Activity Reconstruction
Commercial Forensic Tools
Open Source Solutions
Outlook Express
Microsoft Windows Registry Reconstruction
Identifying Installed Programs
Identifying "Most Recently Used" Documents
Forensic Tool Analysis: An Introduction to Using Linux for Analyzing Files of Unknown Origin
Case Background
A Hands-On Introduction to Forensic Tool Analysis: Hello World!
Static Analysis of Hello
Dynamic Analysis of Hello
Putting It All Together
Forensic Tool Analysis: A Hands-On Analysis of the Linux File aio
Static Analysis of aio
md5sum
ls -al
file
strings
Hexadecimal Viewer
nm
ldd
readelf
objdump
Dynamic Analysis of aio
System Call Trace (strace)
GNU Debugger
Recovering the Uncompressed aio Binary
Recovery by Identifying the Packer That Was Used
Static Analysis of the Recovered Uncompressed Binary
Dynamic Analysis of the Recovered Uncompressed Binary
md5sum
Putting It All Together
Forensic Tool Analysis: Analyzing Files of Unknown Origin (Windows)
Case Background
A Hands-On Introduction to Forensic Tool Analysis: Hello World!
Static Analysis of hello.exe
Dynamic Analysis of hello.exe
Summary of hello.exe
A Hands-On Forensic Tool Analysis: sak.exe
Static Analysis of sak.exe
Dynamic Analysis of sak.exe
Putting It All Together
Creating a Complete Forensic Tool Kit
Building the Ultimate Response CD
Preparing the Windows Live Response Tools
Preparing the Unix Live Response Tools
Forensic Duplication Tools
DCFLDD
NED
Making Your CD-ROM a Bootable Environment
Knoppix-A Linux Distribution on a CD-ROM
The Knoppix CD-ROM
Mobile Device Forensics
Forensic Duplication and Analysis of Personal Digital Assistants
Case Background
Forensic Acquisition Utilizing EnCase
Initial Setup
EnCase
Forensic Acquisition Utilizing Paraben's PDA Seizure
Forensic Acquisition Utilizing Palm Debugger
Forensic Analysis of the Palm IIIc
Forensic Analysis of the HP iPAQ Pocket PC 2003
Forensic Analysis of the Palm m505
Putting It All Together
Forensic Duplication of USB and Compact Flash Memory Devices
Duplicating USB Devices
Duplicating Compact Flash Cards
Forensic Analysis of USB and Compact Flash Memory Devices
USB Memory Devices
Open Source Solutions
Commercial Solutions
Compact Flash Cards
Open Source Solutions
Commercial Solutions
Online-Based Forensics
Tracing E-Mail
Hotmail
Yahoo!
Netscape
Other E-Mail Services
Anonymous Remailers
Domain Name Ownership
Importing the TLD Zone Files into Postgres
Translating FQDNs to IP Addresses
Searching for Domains
Searching for DNSs
An Introduction to Perl
Reading Input
Matching Text
Regular Expressions
Formatting Output
Processing Live IR Data Collected
The Date Problem with Microsoft Excel
Index
