Executing Windows Command Line Investigations - 1st Edition - ISBN: 9780128092682, 9780128092712

Executing Windows Command Line Investigations

1st Edition

While Ensuring Evidentiary Integrity

Authors: Chet Hosmer Joshua Bartolomie Rosanne Pelli
eBook ISBN: 9780128092712
Paperback ISBN: 9780128092682
Imprint: Syngress
Published Date: 14th June 2016
Page Count: 228
Tax/VAT will be calculated at check-out Price includes VAT (GST)
30% off
30% off
30% off
30% off
30% off
20% off
20% off
30% off
30% off
30% off
30% off
30% off
20% off
20% off
30% off
30% off
30% off
30% off
30% off
20% off
20% off
50.95
35.66
35.66
35.66
35.66
35.66
40.76
40.76
42.99
30.09
30.09
30.09
30.09
30.09
34.39
34.39
69.95
48.97
48.97
48.97
48.97
48.97
55.96
55.96
Unavailable
Price includes VAT (GST)
× DRM-Free

Easy - Download and start reading immediately. There’s no activation process to access eBooks; all eBooks are fully searchable, and enabled for copying, pasting, and printing.

Flexible - Read on multiple operating systems and devices. Easily read eBooks on smart phones, computers, or any eBook readers, including Kindle.

Open - Buy once, receive and download all available eBook formats, including PDF, EPUB, and Mobi (for Kindle).

Institutional Access

Secure Checkout

Personal information is secured with SSL technology.

Free Shipping

Free global shipping
No minimum order.

Description

The book Executing Windows Command Line Investigations targets the needs of cyber security practitioners who focus on digital forensics and incident response. These are the individuals who are ultimately responsible for executing critical tasks such as incident response; forensic analysis and triage; damage assessments; espionage or other criminal investigations; malware analysis; and responding to human resource violations.

The authors lead readers through the importance of Windows CLI, as well as optimal configuration and usage. Readers will then learn the importance of maintaining evidentiary integrity, evidence volatility, and gain appropriate insight into methodologies that limit the potential of inadvertently destroying or otherwise altering evidence. Next, readers will be given an overview on how to use the proprietary software that accompanies the book as a download from the companion website. This software, called Proactive Incident Response Command Shell (PIRCS), developed by Harris Corporation provides an interface similar to that of a Windows CLI that automates evidentiary chain of custody and reduces human error and documentation gaps during incident response.

Key Features

  • Includes a free download of the Proactive Incident Response Command Shell (PIRCS) software
  • Learn about the technical details of Windows CLI so you can directly manage every aspect of incident response evidence acquisition and triage, while maintaining evidentiary integrity

Readership

Information security professionals and analysts, forensic investigators, information system security managers, IT administrators, IT auditors, incident responders

Table of Contents

  • Dedication
  • Biography
  • Foreword
  • Preface
  • Acknowledgments
  • Harris Corporation
  • Chapter 1: The Impact of Windows Command Line Investigations
    • Abstract
    • Introduction
    • Organization of the Book
    • Chapter 1 Review
    • Chapter 1 Summary Questions
  • Chapter 2: Importance of Digital Evidence Integrity
    • Abstract
    • Introduction
    • Chapter 2 Review
    • Chapter 2 Summary Questions
  • Chapter 3: Windows Command Line Interface
    • Abstract
    • Introduction
    • Chapter 3 Review
    • Chapter 3 Summary Questions
  • Chapter 4: Operating the Proactive Incident Response Command Shell
    • Abstract
    • Introduction
    • Chapter 4 Review
    • Chapter 4 Summary Questions
  • Chapter 5: Use Cases
    • Abstract
    • Introduction
    • General Evidence Collection Guidelines
    • Fundamental Digital Evidence Categories
    • Use Case Examples
    • Summary
    • Chapter 5 Review
    • Chapter 5 Summary Questions
  • Chapter 6: Future Considerations
    • Abstract
    • Introduction
  • Appendix A: Third-party Windows CLI Tools
    • Abstract
    • Keywords
    • Introduction
  • Appendix B: Windows CLI Reference Synopsis
    • Abstract
    • Keywords
    • Introduction
    • Microsoft TechNet
    • Popular Commands for an Examination
  • Index

Details

No. of pages:
228
Language:
English
Copyright:
© Syngress 2016
Published:
Imprint:
Syngress
eBook ISBN:
9780128092712
Paperback ISBN:
9780128092682

About the Author

Chet Hosmer

Chet Hosmer is the Founder of Python Forensics, Inc. a non-profit organization focused on the collaborative development of open-source investigative technologies using the Python programming language. Chet serves as a visiting professor at Utica College in the Cybersecurity Graduate program where his research and teaching focus on advanced steganography/data hiding methods and related defenses. He is also an Adjunct Faculty member at Champlain College in the Masters of Science in Digital Forensic Science Program where he is researching and working with graduate students to advance the application Python to solve hard problems facing digital investigators.

Chet makes numerous appearances each year to discuss emerging cyber threats including National Public Radio's Kojo Nnamdi show, ABC's Primetime Thursday, NHK Japan and ABC News Australia. He is also a frequent contributor to technical and news stories relating to cyber security and forensics and has been interviewed and quoted by IEEE, The New York Times, The Washington Post, Government Computer News, Salon.com, DFI News and Wired Magazine.

He is the author of three recent Elsevier/Syngress Books: Python Passive Network Mapping: ISBN-13: 978-0128027219, Python Forensics: ISBN-13: 978-0124186767 and Data Hiding which is co/authored with Mike Raggo: ISBN-13: 978-1597497435. Chet delivers keynote and plenary talks on various cyber security related topics around the world each year.

Affiliations and Expertise

President, Python Forensics, Inc.

Joshua Bartolomie

Joshua Bartolomie (CISSP, CRISC, DFCP, CEECS, CFCE) has 20 years of technical and management experience within the information technology and cyber security domains. Joshua has contributed to and managed programs that range from teaching digital forensics to designing, implementing, and managing cutting edge Security Operations Centers and Incident Response Teams. Mr. Bartolomie is an active participant in multiple information sharing and collaborative consortiums and has presented at numerous cyber security forums, conferences, and venues.

In his current role, Joshua is responsible for translating corporate business strategies, environmental conditions, infrastructure requirements, and industry best practices into strategic cyber security designs and architectural roadmaps. Joshua holds a Master’s Degree in Information Assurance from Norwich University and a Bachelor’s of Science in Digital and Computer Forensics from Champlain College.

Affiliations and Expertise

CEECS, CFCE, CISSP, CRISC, CSM, DFCP, Director of Cyber Security Architecture and Operations, Information Security Risk Management at Harris Corporation

Rosanne Pelli

Ms. Rosanne Pelli, is a certified Project Management Professional (PMP) through the Project Management Institute (PMI) and CompTIA Security+ professional with Harris Corporation. She has over ten years of experience in the coordination, programmatic oversight and management of US government contracts as well as Harris’ Secure-U Training Program. During her years of experience, Ms. Pelli has assisted in the management and coordination of various government contracts that focused on the identification and analysis of emerging cyber threats; evaluation and transition of cyber security technologies for tactical use by the cyber security community; technical assistance to federal, state and local law enforcement communities; development and maintenance of a virtual cyber security training portal; and the development, coordination and execution of various national and international cyber security training initiatives.

Affiliations and Expertise

PMP, CompTIA Security+, Project Manager at Harris Corporation

Reviews

"Executing Windows Command Line Investigations is a leading edge book that targets digital forensics investigations and incident response. The book clearly lays out the technical details of the Windows CLI so you can directly manage every aspect of cyber evidence acquisition and triage, while maintaining data evidence integrity and chain of custody. This is a must read for cyber security practitioners and students!" --Joe Giordano, Utica College

"This book is an excellent reference for all levels of incident responders and covers essential techniques for responding to modern cyber security threats." --Mark Bilanski, Incident Response Manager