Windows Forensic Analysis DVD Toolkit
1st Edition
Description
Windows Forensic Analysis DVD Toolkit addresses and discusses in-depth forensic analysis of Windows systems. The book takes the reader to a whole new, undiscovered level of forensic analysis for Windows systems, providing unique information and resources not available anywhere else. This book covers both live and post-mortem response collection and analysis methodologies, addressing material that is applicable to law enforcement, the federal government, students, and consultants. This book also brings this material to the doorstep of system administrators, who are often the front line troops when an incident occurs, but due to staffing and budgets do not have the necessary knowledge to effectively respond.
All disc-based content for this title is now available on the Web.
Key Features
- Contains information about Windows forensic analysis that is not available anywhere else. Much of the information is a result of the author’s own unique research and work
- Contains working code/programs, in addition to sample files for the reader to work with, that are not available anywhere else
- The companion DVD for the book contains significant, unique materials (movies, spreadsheet, code, etc.) not available any place else
Readership
Security professionals and law enforcement agents performing incident response and forensic analysis of Windows systems; IT managers
Table of Contents
- Collecting Volatile Data
2. Data Analysis
3. Windows Memory Analysis
4. Registry Analysis
5. File Analysis
6. Executable File Analysis
7. Rootkits and Rootkit Detection
Details
- No. of pages:
- 416
- Language:
- English
- Copyright:
- © Syngress 2007
- Published:
- 24th April 2007
- Imprint:
- Syngress
- eBook ISBN:
- 9780080556444
About the Author
Harlan Carvey
Mr. Carvey is a digital forensics and incident response analyst with past experience in vulnerability assessments, as well as some limited pen testing. He conducts research into digital forensic analysis of Window systems, identifying and parsing various digital artifacts from those systems, and has developed several innovative tools and investigative processes specific to the digital forensics analysis field. He is the developer of RegRipper, a widely-used tool for Windows Registry parsing and analysis. Mr. Carvey has developed and taught several courses, including Windows Forensics, Registry, and Timeline Analysis.
Affiliations and Expertise
DFIR analyst, presenter, and open-source tool author
Harlan Carvey
Mr. Carvey is a digital forensics and incident response analyst with past experience in vulnerability assessments, as well as some limited pen testing. He conducts research into digital forensic analysis of Window systems, identifying and parsing various digital artifacts from those systems, and has developed several innovative tools and investigative processes specific to the digital forensics analysis field. He is the developer of RegRipper, a widely-used tool for Windows Registry parsing and analysis. Mr. Carvey has developed and taught several courses, including Windows Forensics, Registry, and Timeline Analysis.
Affiliations and Expertise
DFIR analyst, presenter, and open-source tool author