Windows Forensic Analysis Toolkit - 4th Edition - ISBN: 9780124171572, 9780124171749

Windows Forensic Analysis Toolkit

4th Edition

Advanced Analysis Techniques for Windows 8

Authors: Harlan Carvey
Paperback ISBN: 9780124171572
eBook ISBN: 9780124171749
Imprint: Syngress
Published Date: 27th March 2014
Page Count: 350
Sales tax will be calculated at check-out Price includes VAT/GST
In Stock
In Stock
In Stock
Sorry, this product is currently out of stock.
Sorry, we aren’t shipping this product to your region at this time.
47.99
69.95
75.41
53.95
Unavailable
Price includes VAT/GST
69.95
42.99
53.95
Unavailable
Price includes VAT/GST
× DRM-Free

Easy - Download and start reading immediately. There’s no activation process to access eBooks; all eBooks are fully searchable, and enabled for copying, pasting, and printing.

Flexible - Read on multiple operating systems and devices. Easily read eBooks on smart phones, computers, or any eBook readers, including Kindle.

Open - Buy once, receive and download all available eBook formats, including PDF, EPUB, and Mobi (for Kindle).

Institutional Access

Support Center

Resources

Secure Checkout

Personal information is secured with SSL technology.

Free Shipping

Free global shipping
No minimum order.

Description

Harlan Carvey has updated Windows Forensic Analysis Toolkit, now in its fourth edition, to cover Windows 8 systems. The primary focus of this edition is on analyzing Windows 8 systems and processes using free and open-source tools. The book covers live response, file analysis, malware detection, timeline, and much more. Harlan Carvey presents real-life experiences from the trenches, making the material realistic and showing the why behind the how.

The companion and toolkit materials are hosted online. This material consists of electronic printable checklists, cheat sheets, free custom tools, and walk-through demos. This edition complements Windows Forensic Analysis Toolkit, Second Edition, which focuses primarily on XP, and Windows Forensic Analysis Toolkit, Third Edition, which focuses primarily on Windows 7.

This new fourth edition provides expanded coverage of many topics beyond Windows 8 as well, including new cradle-to-grave case examples, USB device analysis, hacking and intrusion cases, and "how would I do this" from Harlan's personal case files and questions he has received from readers. The fourth edition also includes an all-new chapter on reporting.

Key Features

  • Complete coverage and examples of Windows 8 systems
  • Contains lessons from the field, case studies, and war stories
  • Companion online toolkit material, including electronic printable checklists, cheat sheets, custom tools, and walk-throughs

Readership

Information Security professionals of all levels, digital forensic examiners and investigators, InfoSec consultants, attorneys, law enforcement officers. Also forensic training vendors, government training courses, universities, and high-tech crime associations.

Table of Contents

  • Dedication
  • Preface
    • Intended Audience
    • Organization of This Book
    • DVD Contents
  • Acknowledgments
  • About the Author
  • About the Technical Editor
  • Chapter 1. Analysis Concepts
    • Introduction
    • Analysis concepts
    • Setting up an analysis system
    • Summary
  • Chapter 2. Incident Preparation
    • Introduction
    • Being prepared to respond
    • Data collection
    • Business models
    • Summary
  • Chapter 3. Volume Shadow Copies
    • Introduction
    • What are “volume shadow copies”?
    • Live systems
    • Acquired images
    • Windows 8
    • Summary
    • Reference
  • Chapter 4. File Analysis
    • Information in This Chapter
    • Introduction
    • MFT
    • Event logs
    • Recycle bin
    • Prefetch files
    • Scheduled tasks
    • Jump lists
    • Hibernation files
    • Application files
    • Summary
    • References
  • Chapter 5. Registry Analysis
    • Introduction
    • Registry analysis
    • Summary
    • References
  • Chapter 6. Malware Detection
    • Information in This Chapter
    • Introduction
    • Malware Characteristics
    • Detecting Malware
    • Summary
    • References
  • Chapter 7. Timeline Analysis
    • Introduction
    • Timelines
    • Creating Timelines
    • Case Study
    • Summary
  • Chapter 8. Correlating Artifacts
    • Introduction
    • How-Tos
    • Summary
  • Chapter 9. Reporting
    • Introduction
    • Goals
    • Case Notes
    • Reporting
    • Summary
  • Index

Details

No. of pages:
350
Language:
English
Copyright:
© Syngress 2014
Published:
Imprint:
Syngress
Paperback ISBN:
9780124171572
eBook ISBN:
9780124171749

About the Author

Harlan Carvey

Harlan Carvey is a senior information security researcher with the Dell SecureWorks Counter Threat Unit - Special Ops (CTU-SO) team, where his efforts are focused on targeted threat hunting, response, and research. He continues to maintain a passion and focus in analyzing Windows systems, and in particular, the Windows Registry.

Harlan is an accomplished author, public speaker, and open source tool author. He dabbles in other activities, including home brewing and horseback riding. As a result, he has become quite adept at backing up and parking a horse trailer.

Harlan earned a bachelor’s degree in electrical engineering from the Virginia Military Institute, and a master’s degree in the same discipline from the Naval Postgraduate School. He served in the United States Marine Corps, achieving the rank of captain before departing the service. He resides in Northern Virginia with his family.

Affiliations and Expertise

DFIR analyst, presenter, and open-source tool author

Reviews

"... this book is well written and easy to read…has some material of interest to experts…"--Computing Reviews, Windows Forensic Analysis Toolkit, 4th Edition

"...technical detail is extensive here and those realworld examples mentioned earlier are worked through in intricate detail. You will definitely want to try this at home…" -Network Security, Nov 2014

Ratings and Reviews

Request Quote

Tax Exemption

We cannot process tax exempt orders online. If you wish to place a tax exempt order please contact us.