Windows Forensic Analysis Toolkit,
Edition 3
Advanced Analysis Techniques for Windows 7
By Harlan Carvey
Publication Date:
27 Jan 2012
Description
Windows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 7 provides an overview of live and postmortem response collection and analysis methodologies for Windows 7. It considers the core investigative and analysis concepts that are critical to the work of professionals within the digital forensic analysis community, as well as the need for immediate response once an incident has been identified. Organized into eight chapters, the book discusses Volume Shadow Copies (VSCs) in the context of digital forensics and explains how analysts can access the wealth of information available in VSCs without interacting with the live system or purchasing expensive solutions. It also describes files and data structures that are new to Windows 7 (or Vista), Windows Registry Forensics, how the presence of malware within an image acquired from a Windows system can be detected, the idea of timeline analysis as applied to digital forensic analysis, and concepts and techniques that are often associated with dynamic malware analysis. Also included are several tools written in the Perl scripting language, accompanied by Windows executables. This book will prove useful to digital forensic analysts, incident responders, law enforcement officers, students, researchers, system administrators, hobbyists, or anyone with an interest in digital forensic analysis of Windows 7 systems.
Key Features
- Timely 3e of a Syngress digital forensic bestseller
- Updated to cover Windows 7 systems, the newest Windows version
- New online companion website houses checklists, cheat sheets, free tools, and demos
About the author
By Harlan Carvey, (CISSP) Vice President of Advanced Security Projects with Terremark Worldwide, Inc., which is headquartered in Miami, FL. Harlan has provided forensic analysis services for the hospitality industry, financial institutions, as well as federal government and law enforcement agencies. Harlan resides in Northern Virginia with his family.
Table of Contents
- Dedication
- Preface
- Acknowledgments
- About the Author
- About the Technical Editor
- Chapter 1. Analysis Concepts
- Introduction
- Analysis Concepts
- Setting up an Analysis System
- Summary
- Chapter 2. Immediate Response
- Introduction
- Being Prepared to Respond
- Data Collection
- Summary
- Chapter 3. Volume Shadow Copies
- Introduction
- What are “Volume Shadow Copies¿?
- Live Systems
- Acquired Images
- Summary
- Chapter 4. File Analysis
- Introduction
- MFT
- Event Logs
- Recycle Bin
- Prefetch Files
- Scheduled Tasks
- Jump Lists
- Hibernation Files
- Application Files
- Summary
- Chapter 5. Registry Analysis
- Introduction
- Registry Analysis
- Summary
- Chapter 6. Malware Detection
- Introduction
- Malware Characteristics
- Detecting Malware
- Summary
- Chapter 7. Timeline Analysis
- Introduction
- Timelines
- Creating Timelines
- Case Study
- Summary
- Chapter 8. Application Analysis
- Introduction
- Log Files
- Dynamic Analysis
- Network Captures
- Application Memory Analysis
- Summary
- Index
Book details
ISBN:
9781597497275
Page Count: 296
Illustrations
: 60 illustrations
Retail Price
:
£47.99
- Windows Forensic Analysis DVD Toolkit, 2E, 9781597494229, $69.95, 512 pp., 5/2009, Syngress, Total Sales: 7,960 (Bookscan: 3,699)
- File System Forensic Analysis, Brian Carrier, 9780321268174, $64.99, 600 pp., Pearson, 3/2005, Bookscan: 9,417
- Real Digital Forensics, Keith Jones et al., 9780321240699, $64.99, 688 pp., Pearson, 9/2005, Bookscan: 5,632
Audience
Computer forensic and incident response professionals. This includes LE, federal government, commercial/private sector contractors, consultants, etc.
Related Titles
