FREE SHIPPING BOTH WAYS
ON EVERY ORDER!
LIST PRICE:
$69.95

Sorry, this item is currently unavailable.

Windows Forensic Analysis Toolkit : Advanced Analysis Techniques for Windows 7

ISBN: 9781597497275 | 1597497274
Edition: 3rd
Format: Paperback
Publisher: Elsevier Science Ltd
Pub. Date: 1/27/2012

Why Rent from Knetbooks?

Because Knetbooks knows college students. Our rental program is designed to save you time and money. Whether you need a textbook for a semester, quarter or even a summer session, we have an option for you. Simply select a rental period, enter your information and your book will be on its way!

Top 5 reasons to order all your textbooks from Knetbooks:

  • We have the lowest prices on thousands of popular textbooks
  • Free shipping both ways on ALL orders
  • Most orders ship within 48 hours
  • Need your book longer than expected? Extending your rental is simple
  • Our customer support team is always here to help
SummaryTable of ContentsAuthor Biography
Author Harlan Carvey has brought his best-selling book up-to-date to give you: the responder, examiner, or analyst the must-have tool kit for your job. Windows is the largest operating system on desktops and servers worldwide, which mean more intrusions, malware infections, and cybercrime happen on these systems. Windows Forensic Analysis DVD Toolkit, 2E covers both live and post-mortem response collection and analysis methodologies, addressing material that is applicable to law enforcement, the federal government, students, and consultants. The book is also accessible to system administrators, who are often the frontline when an incident occurs, but due to staffing and budget constraints do not have the necessary knowledge to respond effectively. The book's companion DVD contains significant new and updated materials (movies, spreadsheet, code, etc.) not available any place else, because they are created and maintained by the author. Best-Selling Windows Digital Forensic book completely updated in this 2nd Edition Learn how to Analyze Data During Live and Post-Mortem Investigations DVD Includes Custom Tools, Updated Code, Movies, and Spreadsheets! A brand-new chapter, "Forensic Analysis on a Budget," collects freely available tools that are essential for small labs, state (or below) law enforcement, and educational organizations New pedagogical elements, Lessons from the Field, Case Studies, and War Stories, present real-life experiences from the trenches by an expert in the trenches, making the material real and showing the why behind the how The companion DVD contains new, significant, and unique materials (movies, spreadsheet, code, etc.) not available anyplace else because they were created by the author
... MORE
Prefacep. xi
Acknowledgmentsp. xvii
About the Authorp. xix
About the Technical Editorp. xxi
Analysis Conceptsp. 1
Introductionp. 1
Analysis Conceptsp. 3
Windows Versionsp. 4
Analysis Principlesp. 6
Documentationp. 15
Convergencep. 16
Virtualizationp. 17
Setting Up an Analysis Systemp. 19
Summaryp. 22
Immediate Responsep. 23
Introductionp. 23
Being Prepared to Respondp. 24
Questionsp. 25
The Importance of Preparationp. 28
Logsp. 31
Data Collectionp. 36
Trainingp. 39
Summaryp. 40
Volume Shadow Copiesp. 43
Introductionp. 43
What Are "Volume Shadow Copies"?p. 44
Registry Keysp. 45
Live Systemsp. 46
ProDiscoverp. 49
F-Responsep. 50
Acquired Imagesp. 52
VHD Methodp. 54
VMWare Methodp. 58
Automating VSC Accessp. 62
ProDiscoverp. 64
Summaryp. 67
Referencep. 67
File Analysisp. 69
Introductionp. 70
MFTp. 70
File System Tunnelingp. 76
Event Logsp. 78
Windows Event Logp. 82
Recycle Binp. 85
Prefetch Filesp. 88
Scheduled Tasksp. 92
Jump Listsp. 95
Hibernation Filesp. 101
Application Filesp. 102
Antivirus Logsp. 103
Skypep. 104
Apple Productsp. 105
Image Filesp. 106
Summaryp. 108
Referencesp. 109
Registry Analysisp. 111
Introductionp. 112
Registry Analysisp. 112
Registry Nomenclaturep. 113
The Registry as a Log Filep. 114
USB Device Analysisp. 115
System Hivep. 128
Software Hivep. 131
User Hivesp. 139
Additional Sourcesp. 148
Toolsp. 150
Summaryp. 153
Referencesp. 153
MaIware Detectionp. 155
Introductionp. 156
Malware Characteristicsp. 156
Initial Infection Vectorp. 158
Propagation Mechanismp. 160
Persistence Mechanismp. 162
Artifactsp. 165
Detecting Malwarep. 168
Log Analysisp. 169
Antivirus Scansp. 173
Digging Deeperp. 177
Seeded Sitesp. 191
Summaryp. 193
Referencesp. 193
Timeline Analysisp. 195
Introductionp. 196
Timelinesp. 196
Data Sourcesp. 198
Time Formatsp. 199
Conceptsp. 200
Benefitsp. 202
Formatp. 204
Creating Timelinesp. 210
File System Metadatap. 211
Event Logsp. 217
Prefetch Filesp. 221
Registry Datap. 222
Additional Sourcesp. 224
Parsing Events into a Timelinep. 225
Thoughts on Visualizationp. 228
Case Studyp. 229
Summaryp. 232
Application Analysisp. 233
Introductionp. 233
Log Filesp. 235
Dynamic Analysisp. 236
Network Capturesp. 241
Application Memory Analysisp. 243
Summaryp. 244
Referencesp. 244
Indexp. 245
Table of Contents provided by Ingram. All Rights Reserved.
Harlan Carvey (CISSP) is Vice President of Advanced Security Projects with Terremark Worldwide, Inc., which is headquartered in Miami, FL. Harlan has provided forensic analysis services for the hospitality industry, financial institutions, as well as federal government and law enforcement agencies. Harlan resides in Northern Virginia with his family.


Please wait while this item is added to your cart...