Windows Forensic Analysis Toolkit
View on ScienceDirect

Windows Forensic Analysis Toolkit

Advanced Analysis Techniques for Windows 8

4th Edition - March 11, 2014

Write a review

  • Author: Harlan Carvey
  • eBook ISBN: 9780124171749
  • Paperback ISBN: 9780124171572

Purchase options

Purchase options
DRM-free (Mobi, PDF, EPub)
eBook Format Help
Available
Sales tax will be calculated at check-out

Institutional Subscription

Support CenterReturns & Refunds
Free Global Shipping
No minimum order

Description

Harlan Carvey has updated Windows Forensic Analysis Toolkit, now in its fourth edition, to cover Windows 8 systems. The primary focus of this edition is on analyzing Windows 8 systems and processes using free and open-source tools. The book covers live response, file analysis, malware detection, timeline, and much more. Harlan Carvey presents real-life experiences from the trenches, making the material realistic and showing the why behind the how. The companion and toolkit materials are hosted online. This material consists of electronic printable checklists, cheat sheets, free custom tools, and walk-through demos. This edition complements Windows Forensic Analysis Toolkit, Second Edition, which focuses primarily on XP, and Windows Forensic Analysis Toolkit, Third Edition, which focuses primarily on Windows 7. This new fourth edition provides expanded coverage of many topics beyond Windows 8 as well, including new cradle-to-grave case examples, USB device analysis, hacking and intrusion cases, and "how would I do this" from Harlan's personal case files and questions he has received from readers. The fourth edition also includes an all-new chapter on reporting.

Key Features

  • Complete coverage and examples of Windows 8 systems
  • Contains lessons from the field, case studies, and war stories
  • Companion online toolkit material, including electronic printable checklists, cheat sheets, custom tools, and walk-throughs

Readership

Information Security professionals of all levels, digital forensic examiners and investigators, InfoSec consultants, attorneys, law enforcement officers. Also forensic training vendors, government training courses, universities, and high-tech crime associations.

Table of Contents

    • Dedication
    • Preface
      • Intended Audience
      • Organization of This Book
      • DVD Contents
    • Acknowledgments
    • About the Author
    • About the Technical Editor
    • Chapter 1. Analysis Concepts
      • Introduction
      • Analysis concepts
      • Setting up an analysis system
      • Summary
    • Chapter 2. Incident Preparation
      • Introduction
      • Being prepared to respond
      • Data collection
      • Business models
      • Summary
    • Chapter 3. Volume Shadow Copies
      • Introduction
      • What are “volume shadow copies”?
      • Live systems
      • Acquired images
      • Windows 8
      • Summary
      • Reference
    • Chapter 4. File Analysis
      • Information in This Chapter
      • Introduction
      • MFT
      • Event logs
      • Recycle bin
      • Prefetch files
      • Scheduled tasks
      • Jump lists
      • Hibernation files
      • Application files
      • Summary
      • References
    • Chapter 5. Registry Analysis
      • Introduction
      • Registry analysis
      • Summary
      • References
    • Chapter 6. Malware Detection
      • Information in This Chapter
      • Introduction
      • Malware Characteristics
      • Detecting Malware
      • Summary
      • References
    • Chapter 7. Timeline Analysis
      • Introduction
      • Timelines
      • Creating Timelines
      • Case Study
      • Summary
    • Chapter 8. Correlating Artifacts
      • Introduction
      • How-Tos
      • Summary
    • Chapter 9. Reporting
      • Introduction
      • Goals
      • Case Notes
      • Reporting
      • Summary
    • Index

Product details

  • No. of pages: 350
  • Language: English
  • Copyright: © Syngress 2014
  • Published: March 11, 2014
  • Imprint: Syngress
  • eBook ISBN: 9780124171749
  • Paperback ISBN: 9780124171572

About the Author

Harlan Carvey

Mr. Carvey is a digital forensics and incident response analyst with past experience in vulnerability assessments, as well as some limited pen testing. He conducts research into digital forensic analysis of Window systems, identifying and parsing various digital artifacts from those systems, and has developed several innovative tools and investigative processes specific to the digital forensics analysis field. He is the developer of RegRipper, a widely-used tool for Windows Registry parsing and analysis. Mr. Carvey has developed and taught several courses, including Windows Forensics, Registry, and Timeline Analysis.

Affiliations and Expertise

DFIR analyst, presenter, and open-source tool author

Ratings and Reviews

Write a review

There are currently no reviews for "Windows Forensic Analysis Toolkit"