Windows Forensic Analysis DVD Toolkit

Windows Forensic Analysis DVD Toolkit, Second Edition, is a completely updated and expanded version of Harlan Carvey's best-selling forensics book on incident response and investigating cybercrime on Windows systems. With this book, you will learn how to analyze data during live and post-mortem investigations. New to this edition is Forensic Analysis on a Budget, which collects freely available tools that are essential for small labs, state (or below) law enforcement, and educational organizations. The book also includes new pedagogical elements, Lessons from the Field, Case Studies, and War Stories, that present real-life experiences by an expert in the trenches, making the material real and showing the why behind the how. The companion DVD contains significant and unique materials (movies, spreadsheets, code, etc.) not available anyplace else, because they were created by the author. This book will appeal to digital forensic investigators, IT security professionals, engineers, and system administrators, as well as students and consultants.
Contents

| Chapter | Page |
| --- | --- |
| Live Response Data Analysis | 63 |
| Windows Memory Analysis | 89 |
| Registry Analysis | 157 |
| File Analysis | 253 |
| Executable File Analysis | 337 |