Windows Forensic Analysis DVD Toolkit

"If your job requires investigating compromised Windows hosts, you must read Windows Forensic Analysis."
-Richard Bejtlich, Coauthor of Real Digital Forensics and Amazon.com Top 500 Book Reviewer

"The Registry Analysis chapter alone is worth the price of the book."
-Troy Larson, Senior Forensic Investigator of Microsoft's IT Security Group

"I also found that the entire book could have been written on just registry forensics. However, in order to create broad appeal, the registry section was probably shortened. You can tell Harlan has a lot more to tell."
-Rob Lee, Instructor and Fellow at the SANS Technology Institute, coauthor of Know Your Enemy: Learning About Security Threats, 2E

Author Harlan Carvey has brought his best-selling book up to date to give you, the responder, examiner, or analyst, the must-have toolkit for your job. Windows is the most widely deployed operating system on desktops and servers worldwide, which means more intrusions, malware infections, and cybercrime happen on these systems. Windows Forensic Analysis DVD Toolkit, 2E covers both live and post-mortem response collection and analysis methodologies, addressing material that is applicable to law enforcement, the federal government, students, and consultants. The book is also accessible to system administrators, who are often on the front line when an incident occurs but, due to staffing and budget constraints, do not have the necessary knowledge to respond effectively. The book's companion DVD contains significant new and updated materials (movies, spreadsheets, code, etc.) not available anywhere else, because they are created and maintained by the author.

Audience
Digital forensic investigators, IT security professionals, engineers, and system administrators

Paperback, 512 Pages

Published: May 2009

Imprint: Syngress

ISBN: 978-1-59749-422-9

Contents

  • Chapter 1: Live Response: Collecting Volatile Data
  • Chapter 2: Live Response: Analyzing Volatile Data
  • Chapter 3: Windows Memory Analysis
  • Chapter 4: Registry Analysis
  • Chapter 5: File Analysis
  • Chapter 6: Executable File Analysis
  • Chapter 7: Rootkits and Rootkit Detection
  • Chapter 8: Tying It All Together
  • Chapter 9: Forensic Analysis on a Budget
