Windows Forensic Analysis DVD Toolkit

By

  • Harlan Carvey, (CISSP) Vice President of Advanced Security Projects with Terremark Worldwide, Inc., Miami
  • Harlan Carvey, (CISSP) Vice President of Advanced Security Projects with Terremark Worldwide, Inc., Miami

"If your job requires investigating compromised Windows hosts, you must read Windows Forensic Analysis."
-Richard Bejtlich, Coauthor of Real Digital Forensics and Amazon.com Top 500 Book Reviewer

"The Registry Analysis chapter alone is worth the price of the book."
-Troy Larson, Senior Forensic Investigator of Microsoft's IT Security Group

"I also found that the entire book could have been written on just registry forensics. However, in order to create broad appeal, the registry section was probably shortened. You can tell Harlan has a lot more to tell."
-Rob Lee, Instructor and Fellow at the SANS Technology Institute, coauthor of Know Your Enemy: Learning About Security Threats, 2E

Author Harlan Carvey has brought his best-selling book up-to-date to give you: the responder, examiner, or analyst the must-have tool kit for your job. Windows is the largest operating system on desktops and servers worldwide, which mean more intrusions, malware infections, and cybercrime happen on these systems. Windows Forensic Analysis DVD Toolkit, 2E covers both live and post-mortem response collection and analysis methodologies, addressing material that is applicable to law enforcement, the federal government, students, and consultants. The book is also accessible to system administrators, who are often the frontline when an incident occurs, but due to staffing and budget constraints do not have the necessary knowledge to respond effectively. The book’s companion material, now available online, contains significant new and updated materials (movies, spreadsheet, code, etc.) not available any place else, because they are created and maintained by the author.

View full description

Audience

Digital forensic investigators, IT security professionals, engineers, and system administrators

 

Book information

  • Published: May 2009
  • Imprint: SYNGRESS
  • ISBN: 978-1-59749-422-9

Reviews

"If your job requires investigating compromised Windows hosts, you must read Windows Forensic Analysis."--Richard Bejtlich, Coauthor of Real Digital Forensics and Amazon.com Top 500 Book Reviewer



Table of Contents

Chapter 1: Live Response: Collecting Volatile Data
Chapter 2: Live Response: Analyzing Volatile Data
Chapter 3: Windows Memory Analysis
Chapter 4: Registry Analysis
Chapter 5: File Analysis
Chapter 6: Executable File Analysis
Chapter 7: Rootkits and Rootkit Detection
Chapter 8: Tying It All Together
Chapter 9: Forensic Analysis on a Budget