Perl Scripting for Windows Security
1st Edition
Live Response, Forensic Analysis, and Monitoring
Secure Checkout
Personal information is secured with SSL technology.Free Shipping
Free global shippingNo minimum order.
Description
I decided to write this book for a couple of reasons. One was that I’ve now written a couple of books that have to do with incident response and forensic analysis on Windows systems, and I used a lot of Perl in both books. Okay…I’ll come clean…I used nothing but Perl in both books! What I’ve seen as a result of this is that many readers want to use the tools, but don’t know how…they simply aren’t familiar with Perl, with interpreted (or scripting) languages in general, and may not be entirely comfortable with running tools at the command line.
This book is intended for anyone who has an interest in useful Perl scripting, in particular on the Windows platform, for the purpose of incident response, and forensic analysis, and application monitoring. While a thorough grounding in scripting languages (or in Perl specifically) is not required, it helpful in fully and more completely understanding the material and code presented in this book. This book contains information that is useful to consultants who perform incident response and computer forensics, specifically as those activities pertain to MS Windows systems (Windows 2000, XP, 2003, and some Vista). My hope is that not only will consultants (such as myself) find this material valuable, but so will system administrators, law enforcement officers, and students in undergraduate and graduate programs focusing on computer forensics.
Key Features
*Perl Scripting for Live Response
Using Perl, there’s a great deal of information you can retrieve from systems, locally or remotely, as part of troubleshooting or investigating an issue. Perl scripts can be run from a central management point, reaching out to remote systems in order to collect information, or they can be "compiled" into standalone executables using PAR, PerlApp, or Perl2Exe so that they can be run on systems that do not have ActiveState’s Perl distribution (or any other Perl distribution) installed.
*Perl Scripting for Computer Forensic Analysis
Perl is an extremely useful and powerful tool for performing computer forensic analysis. While there are applications available that let an examiner access acquired images and perform some modicum of visualization, there are relatively few tools that meet the specific needs of a specific examiner working on a specific case. This is where the use of Perl really shines through and becomes apparent.
*Perl Scripting for Application Monitoring
Working with enterprise-level Windows applications requires a great deal of analysis and constant monitoring. Automating the monitoring portion of this effort can save a great deal of time, reduce system downtimes, and improve the reliability of your overall application. By utilizing Perl scripts and integrating them with the application technology, you can easily build a simple monitoring framework that can alert you to current or future application issues.
Readership
This book is intended for anyone who has an interest in useful Perl scripting, in particular on the Windows platform, for the purpose of incident response, and forensic analysis, and application monitoring. While a thorough grounding in scripting languages (or in Perl specifically) is not required, it helpful in fully and more completely understanding the material and code presented in this book. This book contains information that is useful to consultants who perform incident response and computer forensics, specifically as those activities pertain to MS Windows systems (Windows 2000, XP, 2003, and some Vista). My hope is that not only will consultants (such as myself) find this material valuable, but so will system administrators, law enforcement officers, and students in undergraduate and graduate programs focusing on computer forensics.
Table of Contents
Author
Technical Editor
Contributing Authors
Preface
Author Acknowledgements
Part I: Perl Scripting and Live Response
Built-in Functions
Running Processes
Accessing the API
WMI
Accessing the Registry
ProScripts
Part II: Perl Scripting and Computer Forensic Analysis
Log Files
Parsing Binary Files
Registry
Event Logs
Parsing RAM Dumps
ProScripts
Parsing Other Data
Part III: Monitoring Windows Applications with Perl
Core Application Processes
Core Application Dependencies
Web Services
Summary
Index
Details
- No. of pages:
- 232
- Language:
- English
- Copyright:
- © Syngress 2007
- Published:
- 12th December 2007
- Imprint:
- Syngress
- Paperback ISBN:
- 9781597491730
- eBook ISBN:
- 9780080555638
About the Author
Harlan Carvey
Mr. Carvey is a digital forensics and incident response analyst with past experience in vulnerability assessments, as well as some limited pen testing. He conducts research into digital forensic analysis of Window systems, identifying and parsing various digital artifacts from those systems, and has developed several innovative tools and investigative processes specific to the digital forensics analysis field. He is the developer of RegRipper, a widely-used tool for Windows Registry parsing and analysis. Mr. Carvey has developed and taught several courses, including Windows Forensics, Registry, and Timeline Analysis.
Affiliations and Expertise
DFIR analyst, presenter, and open-source tool author