- Print ISBN 9781597491730
- Electronic ISBN 9780080555638
I decided to write this book for a couple of reasons. One was that I’ve now written a couple of books that have to do with incident response and forensic analysis on Windows systems, and I used a lot of Perl in both books. Okay…I’ll come clean…I used nothing but Perl in both books! What I’ve seen as a result of this is that many readers want to use the tools, but don’t know how…they simply aren’t familiar with Perl, with interpreted (or scripting) languages in general, and may not be entirely comfortable with running tools at the command line.
This book is intended for anyone who has an interest in useful Perl scripting, in particular on the Windows platform, for the purpose of incident response, and forensic analysis, and application monitoring. While a thorough grounding in scripting languages (or in Perl specifically) is not required, it helpful in fully and more completely understanding the material and code presented in this book. This book contains information that is useful to consultants who perform incident response and computer forensics, specifically as those activities pertain to MS Windows systems (Windows 2000, XP, 2003, and some Vista). My hope is that not only will consultants (such as myself) find this material valuable, but so will system administrators, law enforcement officers, and students in undergraduate and graduate programs focusing on computer forensics.
Code can be found at: http://www.elsevierdirect.com/companion.jsp?ISBN=9781597491730
Part I: Perl Scripting and Live Response
Accessing the API
Accessing the Registry
Part II: Perl Scripting and Computer Forensic Analysis
Parsing Binary Files
Parsing RAM Dumps
Parsing Other Data
Part III: Monitoring Windows Applications with Perl
Core Application Processes
Core Application Dependencies