I decided to write this book for a couple of reasons. One was that I’ve now written a couple of books that have to do with incident response and forensic analysis on Windows systems, and I used a lot of Perl in both books. Okay…I’ll come clean…I used nothing but Perl in both books! What I’ve seen as a result of this is that many readers want to use the tools, but don’t know how…they simply aren’t familiar with Perl, with interpreted (or scripting) languages in general, and may not be entirely comfortable with running tools at the command line.
This book is intended for anyone who has an interest in useful Perl scripting, in particular on the Windows platform, for the purpose of incident response, forensic analysis, and application monitoring. While a thorough grounding in scripting languages (or in Perl specifically) is not required, it is helpful in fully and more completely understanding the material and code presented in this book. This book contains information that is useful to consultants who perform incident response and computer forensics, specifically as those activities pertain to MS Windows systems (Windows 2000, XP, 2003, and some Vista). My hope is that not only will consultants (such as myself) find this material valuable, but so will system administrators, law enforcement officers, and students in undergraduate and graduate programs focusing on computer forensics.
Author
Technical Editor
Contributing Authors
Preface
Author Acknowledgements
Part I: Perl Scripting and Live Response
Built-in Functions
Running Processes
Accessing the API
WMI
Accessing the Registry
ProScripts
Part II: Perl Scripting and Computer Forensic Analysis
Log Files
Parsing Binary Files
Registry
Event Logs
Parsing RAM Dumps
ProScripts
Parsing Other Data
Part III: Monitoring Windows Applications with Perl
Core Application Processes
Core Application Dependencies
Web Services
Summary
Index
HC