Perl Scripting for Windows Security
View on ScienceDirect

Perl Scripting for Windows Security

Live Response, Forensic Analysis, and Monitoring

1st Edition - December 12, 2007

Write a review

  • Author: Harlan Carvey
  • Paperback ISBN: 9781597491730
  • eBook ISBN: 9780080555638

Purchase options

Purchase options
Available
DRM-free (EPub, Mobi, PDF)
eBook Format Help
Sales tax will be calculated at check-out

Institutional Subscription

Support CenterReturns & Refunds
Free Global Shipping
No minimum order

Description

I decided to write this book for a couple of reasons. One was that I’ve now written a couple of books that have to do with incident response and forensic analysis on Windows systems, and I used a lot of Perl in both books. Okay…I’ll come clean…I used nothing but Perl in both books! What I’ve seen as a result of this is that many readers want to use the tools, but don’t know how…they simply aren’t familiar with Perl, with interpreted (or scripting) languages in general, and may not be entirely comfortable with running tools at the command line. This book is intended for anyone who has an interest in useful Perl scripting, in particular on the Windows platform, for the purpose of incident response, and forensic analysis, and application monitoring. While a thorough grounding in scripting languages (or in Perl specifically) is not required, it helpful in fully and more completely understanding the material and code presented in this book. This book contains information that is useful to consultants who perform incident response and computer forensics, specifically as those activities pertain to MS Windows systems (Windows 2000, XP, 2003, and some Vista). My hope is that not only will consultants (such as myself) find this material valuable, but so will system administrators, law enforcement officers, and students in undergraduate and graduate programs focusing on computer forensics.

Key Features

*Perl Scripting for Live Response

Using Perl, there’s a great deal of information you can retrieve from systems, locally or remotely, as part of troubleshooting or investigating an issue. Perl scripts can be run from a central management point, reaching out to remote systems in order to collect information, or they can be "compiled" into standalone executables using PAR, PerlApp, or Perl2Exe so that they can be run on systems that do not have ActiveState’s Perl distribution (or any other Perl distribution) installed.

*Perl Scripting for Computer Forensic Analysis

Perl is an extremely useful and powerful tool for performing computer forensic analysis. While there are applications available that let an examiner access acquired images and perform some modicum of visualization, there are relatively few tools that meet the specific needs of a specific examiner working on a specific case. This is where the use of Perl really shines through and becomes apparent.

*Perl Scripting for Application Monitoring

Working with enterprise-level Windows applications requires a great deal of analysis and constant monitoring. Automating the monitoring portion of this effort can save a great deal of time, reduce system downtimes, and improve the reliability of your overall application. By utilizing Perl scripts and integrating them with the application technology, you can easily build a simple monitoring framework that can alert you to current or future application issues.

Readership

This book is intended for anyone who has an interest in useful Perl scripting, in particular on the Windows platform, for the purpose of incident response, and forensic analysis, and application monitoring. While a thorough grounding in scripting languages (or in Perl specifically) is not required, it helpful in fully and more completely understanding the material and code presented in this book. This book contains information that is useful to consultants who perform incident response and computer forensics, specifically as those activities pertain to MS Windows systems (Windows 2000, XP, 2003, and some Vista). My hope is that not only will consultants (such as myself) find this material valuable, but so will system administrators, law enforcement officers, and students in undergraduate and graduate programs focusing on computer forensics.

Table of Contents

  • Author

    Technical Editor

    Contributing Authors

    Preface

    Author Acknowledgements

    Part I: Perl Scripting and Live Response

    Built-in Functions

    Running Processes

    Accessing the API

    WMI

    Accessing the Registry

    ProScripts

    Part II: Perl Scripting and Computer Forensic Analysis

    Log Files

    Parsing Binary Files

    Registry

    Event Logs

    Parsing RAM Dumps

    ProScripts

    Parsing Other Data

    Part III: Monitoring Windows Applications with Perl

    Core Application Processes

    Core Application Dependencies

    Web Services

    Summary

    Index

Product details

  • No. of pages: 232
  • Language: English
  • Copyright: © Syngress 2007
  • Published: December 12, 2007
  • Imprint: Syngress
  • Paperback ISBN: 9781597491730
  • eBook ISBN: 9780080555638

About the Author

Harlan Carvey

Mr. Carvey is a digital forensics and incident response analyst with past experience in vulnerability assessments, as well as some limited pen testing. He conducts research into digital forensic analysis of Window systems, identifying and parsing various digital artifacts from those systems, and has developed several innovative tools and investigative processes specific to the digital forensics analysis field. He is the developer of RegRipper, a widely-used tool for Windows Registry parsing and analysis. Mr. Carvey has developed and taught several courses, including Windows Forensics, Registry, and Timeline Analysis.

Affiliations and Expertise

DFIR analyst, presenter, and open-source tool author

Ratings and Reviews

Write a review

There are currently no reviews for "Perl Scripting for Windows Security"