Windows Forensic Analysis Toolkit - 4th Edition - ISBN: 9780124171572, 9780124171749

Windows Forensic Analysis Toolkit

4th Edition

Advanced Analysis Techniques for Windows 8

Authors: Harlan Carvey
Paperback ISBN: 9780124171572
eBook ISBN: 9780124171749
Imprint: Syngress
Published Date: 27th March 2014
Page Count: 350
Sales tax will be calculated at check-out Price includes VAT/GST
69.95
48.97
48.97
48.97
55.96
48.97
48.97
55.96
75.41
52.79
52.79
52.79
60.33
52.79
52.79
60.33
59.00
41.30
41.30
41.30
47.20
41.30
41.30
47.20
50.00
35.00
35.00
35.00
40.00
35.00
35.00
40.00
Unavailable
Price includes VAT/GST
42.99
30.09
30.09
30.09
34.39
30.09
30.09
34.39
69.95
48.97
48.97
48.97
55.96
48.97
48.97
55.96
53.95
37.77
37.77
37.77
43.16
37.77
37.77
43.16
Unavailable
Price includes VAT/GST

eBook format help

Institutional Subscription

Support Center

Resources

Instructor Ancillary Support Materials

Secure Checkout

Personal information is secured with SSL technology.

Free Shipping

Free global shipping
No minimum order.

Description

Harlan Carvey has updated Windows Forensic Analysis Toolkit, now in its fourth edition, to cover Windows 8 systems. The primary focus of this edition is on analyzing Windows 8 systems and processes using free and open-source tools. The book covers live response, file analysis, malware detection, timeline, and much more. Harlan Carvey presents real-life experiences from the trenches, making the material realistic and showing the why behind the how.

The companion and toolkit materials are hosted online. This material consists of electronic printable checklists, cheat sheets, free custom tools, and walk-through demos. This edition complements Windows Forensic Analysis Toolkit, Second Edition, which focuses primarily on XP, and Windows Forensic Analysis Toolkit, Third Edition, which focuses primarily on Windows 7.

This new fourth edition provides expanded coverage of many topics beyond Windows 8 as well, including new cradle-to-grave case examples, USB device analysis, hacking and intrusion cases, and "how would I do this" from Harlan's personal case files and questions he has received from readers. The fourth edition also includes an all-new chapter on reporting.

Key Features

  • Complete coverage and examples of Windows 8 systems
  • Contains lessons from the field, case studies, and war stories
  • Companion online toolkit material, including electronic printable checklists, cheat sheets, custom tools, and walk-throughs

Readership

Information Security professionals of all levels, digital forensic examiners and investigators, InfoSec consultants, attorneys, law enforcement officers. Also forensic training vendors, government training courses, universities, and high-tech crime associations.

Table of Contents

  • Dedication
  • Preface
    • Intended Audience
    • Organization of This Book
    • DVD Contents
  • Acknowledgments
  • About the Author
  • About the Technical Editor
  • Chapter 1. Analysis Concepts
    • Introduction
    • Analysis concepts
    • Setting up an analysis system
    • Summary
  • Chapter 2. Incident Preparation
    • Introduction
    • Being prepared to respond
    • Data collection
    • Business models
    • Summary
  • Chapter 3. Volume Shadow Copies
    • Introduction
    • What are “volume shadow copies”?
    • Live systems
    • Acquired images
    • Windows 8
    • Summary
    • Reference
  • Chapter 4. File Analysis
    • Information in This Chapter
    • Introduction
    • MFT
    • Event logs
    • Recycle bin
    • Prefetch files
    • Scheduled tasks
    • Jump lists
    • Hibernation files
    • Application files
    • Summary
    • References
  • Chapter 5. Registry Analysis
    • Introduction
    • Registry analysis
    • Summary
    • References
  • Chapter 6. Malware Detection
    • Information in This Chapter
    • Introduction
    • Malware Characteristics
    • Detecting Malware
    • Summary
    • References
  • Chapter 7. Timeline Analysis
    • Introduction
    • Timelines
    • Creating Timelines
    • Case Study
    • Summary
  • Chapter 8. Correlating Artifacts
    • Introduction
    • How-Tos
    • Summary
  • Chapter 9. Reporting
    • Introduction
    • Goals
    • Case Notes
    • Reporting
    • Summary
  • Index

Details

No. of pages:
350
Language:
English
Copyright:
© Syngress 2014
Published:
Imprint:
Syngress
Paperback ISBN:
9780124171572
eBook ISBN:
9780124171749

About the Author

Harlan Carvey

Mr. Carvey is a digital forensics and incident response analyst with past experience in vulnerability assessments, as well as some limited pen testing. He conducts research into digital forensic analysis of Window systems, identifying and parsing various digital artifacts from those systems, and has developed several innovative tools and investigative processes specific to the digital forensics analysis field. He is the developer of RegRipper, a widely-used tool for Windows Registry parsing and analysis. Mr. Carvey has developed and taught several courses, including Windows Forensics, Registry, and Timeline Analysis.

Affiliations and Expertise

DFIR analyst, presenter, and open-source tool author

Reviews

"... this book is well written and easy to read…has some material of interest to experts…"--Computing Reviews, Windows Forensic Analysis Toolkit, 4th Edition

"...technical detail is extensive here and those realworld examples mentioned earlier are worked through in intricate detail. You will definitely want to try this at home…" -Network Security, Nov 2014

Ratings and Reviews

Request Quote

Tax Exemption

We cannot process tax exempt orders online. If you wish to place a tax exempt order please contact us.