Windows Forensic Analysis DVD Toolkit

Front Cover
Syngress, Jun 1, 2009 - Computers - 512 pages
Windows Forensic Analysis DVD Toolkit, Second Edition, is a completely updated and expanded version of Harlan Carvey's best-selling forensics book on incident response and investigating cybercrime on Windows systems. With this book, you will learn how to analyze data during live and post-mortem investigations.

New to this edition is Forensic Analysis on a Budget, which collects freely available tools that are essential for small labs, state (or below) law enforcement, and educational organizations. The book also includes new pedagogical elements, Lessons from the Field, Case Studies, and War Stories that present real-life experiences by an expert in the trenches, making the material real and showing the why behind the how. The companion DVD contains significant, and unique, materials (movies, spreadsheet, code, etc.) not available anyplace else because they were created by the author.

This book will appeal to digital forensic investigators, IT security professionals, engineers, and system administrators as well as students and consultants.
  • Best-Selling Windows Digital Forensic book completely updated in this 2nd Edition
  • Learn how to Analyze Data During Live and Post-Mortem Investigations
  • DVD Includes Custom Tools, Updated Code, Movies, and Spreadsheets
 

Selected pages

Contents

Live Response Collecting Volatile Data
1
Live Response Data Analysis
63
Windows Memory Analysis
89
Registry Analysis
157
File Analysis
253
Executable File Analysis
337
Rootkits and Rootkit Detection
385
Tying It All Together
409
Performing Analysis on a Budget
437
Index
469
Copyright

Other editions - View all

Windows Forensic Analysis DVD Toolkit
Harlan Carvey
Limited preview - 2007
Windows Forensic Analysis: DVD Toolkit
Harlan Carvey
No preview available - 2007
Windows Forensic Analysis DVD Toolkit 2E: DVD-ROM
Harlan A. Carvey
No preview available - 2009

Common terms and phrases

able acquired activity added additional administrator allows analysis appears application Audit bytes called chapter collect command complete configuration connections contains contents copy created default detection determine device discussed display document drive dump entries Event Log examination example executable extract Figure file system forensic format functionality hive file identify illustrates important incident indications installed Internet issue launch live located log files look maintained malware means memory memory dump Microsoft Once operating system output parse particularly perform Perl script physical memory plugin record reference Registry keys remote response rootkit scan Security server simply specific structure techniques things traffic understanding utility various volatile Windows systems Windows XP

About the author (2009)

Mr. Carvey is a digital forensics and incident response analyst with past experience in vulnerability assessments, as well as some limited pen testing. He conducts research into digital forensic analysis of Window systems, identifying and parsing various digital artifacts from those systems, and has developed several innovative tools and investigative processes specific to the digital forensics analysis field. He is the developer of RegRipper, a widely-used tool for Windows Registry parsing and analysis. Mr. Carvey has developed and taught several courses, including Windows Forensics, Registry, and Timeline Analysis.

Bibliographic information

TitleWindows Forensic Analysis DVD Toolkit
AuthorHarlan Carvey
Edition2, revised
PublisherSyngress, 2009
ISBN008095703X, 9780080957036
Length512 pages
Subjects ›  › 

Computers / Information Technology
Computers / Security / General
  
Export CitationBiBTeX EndNote RefMan