Windows Forensic Analysis Toolkit
Advanced Analysis Techniques for Windows 7
3rd Edition - January 27, 2012
Author: Harlan Carvey
Language: English
eBook ISBN:9781597497282
Windows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 7 provides an overview of live and postmortem response collection and analysis methodologies for Windows 7. It considers the core investigative and analysis concepts that are critical to the work of professionals within the digital forensic analysis community, as well as the need for immediate response once an incident has been identified. Organized into eight chapters, the book discusses Volume Shadow Copies (VSCs) in the context of digital forensics and explains how analysts can access the wealth of information available in VSCs without interacting with the live system or purchasing expensive solutions. It also describes files and data structures that are new to Windows 7 (or Vista), Windows Registry Forensics, how the presence of malware within an image acquired from a Windows system can be detected, the idea of timeline analysis as applied to digital forensic analysis, and concepts and techniques that are often associated with dynamic malware analysis. Also included are several tools written in the Perl scripting language, accompanied by Windows executables. This book will prove useful to digital forensic analysts, incident responders, law enforcement officers, students, researchers, system administrators, hobbyists, or anyone with an interest in digital forensic analysis of Windows 7 systems.
Timely 3e of a Syngress digital forensic bestseller
Updated to cover Windows 7 systems, the newest Windows version
New online companion website houses checklists, cheat sheets, free tools, and demos
Dedication
Preface
Acknowledgments
About the Author
About the Technical Editor
Chapter 1. Analysis Concepts
Introduction
Analysis Concepts
Setting up an Analysis System
Summary
Chapter 2. Immediate Response
Introduction
Being Prepared to Respond
Data Collection
Summary
Chapter 3. Volume Shadow Copies
Introduction
What are “Volume Shadow Copies”?
Live Systems
Acquired Images
Summary
Chapter 4. File Analysis
Introduction
MFT
Event Logs
Recycle Bin
Prefetch Files
Scheduled Tasks
Jump Lists
Hibernation Files
Application Files
Summary
Chapter 5. Registry Analysis
Introduction
Registry Analysis
Summary
Chapter 6. Malware Detection
Introduction
Malware Characteristics
Detecting Malware
Summary
Chapter 7. Timeline Analysis
Introduction
Timelines
Creating Timelines
Case Study
Summary
Chapter 8. Application Analysis
Introduction
Log Files
Dynamic Analysis
Network Captures
Application Memory Analysis
Summary
Index
No. of pages: 296
Imprint: Syngress
Harlan Carvey
Mr. Carvey is a digital forensics and incident response analyst with past experience in vulnerability assessments, as well as some limited penetration testing. He conducts research into the digital forensic analysis of Windows systems, identifying and parsing the various digital artifacts found on those systems, and has developed several innovative tools and investigative processes specific to the digital forensic analysis field. He is the developer of RegRipper, a widely used tool for Windows Registry parsing and analysis. Mr. Carvey has developed and taught several courses, including Windows Forensics, Registry Analysis, and Timeline Analysis.
Affiliations and expertise
DFIR analyst, presenter, and open-source tool author