
Windows Forensic Analysis Toolkit Advanced Analysis Techniques for Windows 7


ISBN-10: 1597497274

ISBN-13: 9781597497275

Edition: 3rd 2012

Authors: Harlan Carvey

List price: $69.95

Description:

Author Harlan Carvey has brought his best-selling book up to date to give you, the responder, examiner, or analyst, the must-have toolkit for your job. Windows is the most widely deployed operating system on desktops and servers worldwide, which means more intrusions, malware infections, and cybercrime happen on these systems. Windows Forensic Analysis DVD Toolkit, 2E covers both live and post-mortem response collection and analysis methodologies, addressing material that is applicable to law enforcement, the federal government, students, and consultants. The book is also accessible to system administrators, who are often the front line when an incident occurs, but due to staffing and budget constraints…

Book details

List price: $69.95
Edition: 3rd
Copyright year: 2012
Publisher: Elsevier Science & Technology Books
Publication date: 3/15/2012
Binding: Paperback
Pages: 296
Size: 7.50" wide x 9.25" long x 1.00" tall
Weight: 1.298
Language: English

Harlan Carvey (CISSP) is a Vice President of Advanced Security Projects with Terremark Worldwide, Inc. Terremark is a leading global provider of IT infrastructure and "cloud computing" services, based in Miami, FL. Harlan is a key contributor to the Engagement Services practice, providing disk forensics analysis, consulting, and training services to both internal and external customers. Harlan has provided forensic analysis services for the hospitality industry, financial institutions, as well as federal government and law enforcement agencies. Harlan's primary areas of interest include research and development of novel analysis solutions, with a focus on Windows platforms. Harlan holds a…    

Preface
Acknowledgments
About the Author
About the Technical Editor
Analysis Concepts
Introduction
Analysis Concepts
Windows Versions
Analysis Principles
Documentation
Convergence
Virtualization
Setting Up an Analysis System
Summary
Immediate Response
Introduction
Being Prepared to Respond
Questions
The Importance of Preparation
Logs
Data Collection
Training
Summary
Volume Shadow Copies
Introduction
What Are "Volume Shadow Copies"?
Registry Keys
Live Systems
ProDiscover
F-Response
Acquired Images
VHD Method
VMWare Method
Automating VSC Access
ProDiscover
Summary
Reference
File Analysis
Introduction
MFT
File System Tunneling
Event Logs
Windows Event Log
Recycle Bin
Prefetch Files
Scheduled Tasks
Jump Lists
Hibernation Files
Application Files
Antivirus Logs
Skype
Apple Products
Image Files
Summary
References
Registry Analysis
Introduction
Registry Analysis
Registry Nomenclature
The Registry as a Log File
USB Device Analysis
System Hive
Software Hive
User Hives
Additional Sources
Tools
Summary
References
Malware Detection
Introduction
Malware Characteristics
Initial Infection Vector
Propagation Mechanism
Persistence Mechanism
Artifacts
Detecting Malware
Log Analysis
Antivirus Scans
Digging Deeper
Seeded Sites
Summary
References
Timeline Analysis
Introduction
Timelines
Data Sources
Time Formats
Concepts
Benefits
Format
Creating Timelines
File System Metadata
Event Logs
Prefetch Files
Registry Data
Additional Sources
Parsing Events into a Timeline
Thoughts on Visualization
Case Study
Summary
Application Analysis
Introduction
Log Files
Dynamic Analysis
Network Captures
Application Memory Analysis
Summary
References
Index