Purchase textbook

Windows Forensic Analysis Toolkit,

Edition 3 Advanced Analysis Techniques for Windows 7

Editors: By Harlan Carvey

Publication Date: 27 Jan 2012

0 Reviews

Legal Considerations

Unknown accessibility

Note

This product relies on 3rd party tooling which may impact the accessibility features visible in inspection copies. All accessibility features mentioned would be present in the purchased version of the title.

Windows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 7 provides an overview of live and postmortem response collection and analysis methodologies for Windows 7. It considers the core investigative and analysis concepts that are critical to the work of professionals within the digital forensic analysis community, as well as the need for immediate response once an incident has been identified. Organized into eight chapters, the book discusses Volume Shadow Copies (VSCs) in the context of digital forensics and explains how analysts can access the wealth of information available in VSCs without interacting with the live system or purchasing expensive solutions. It also describes files and data structures that are new to Windows 7 (or Vista), Windows Registry Forensics, how the presence of malware within an image acquired from a Windows system can be detected, the idea of timeline analysis as applied to digital forensic analysis, and concepts and techniques that are often associated with dynamic malware analysis. Also included are several tools written in the Perl scripting language, accompanied by Windows executables. This book will prove useful to digital forensic analysts, incident responders, law enforcement officers, students, researchers, system administrators, hobbyists, or anyone with an interest in digital forensic analysis of Windows 7 systems.

Key Features

Timely 3e of a Syngress digital forensic bestseller
Updated to cover Windows 7 systems, the newest Windows version
New online companion website houses checklists, cheat sheets, free tools, and demos

About the author

By Harlan Carvey, (CISSP) Vice President of Advanced Security Projects with Terremark Worldwide, Inc., which is headquartered in Miami, FL. Harlan has provided forensic analysis services for the hospitality industry, financial institutions, as well as federal government and law enforcement agencies. Harlan resides in Northern Virginia with his family.

Dedication
Preface
Acknowledgments
About the Author
About the Technical Editor
Chapter 1. Analysis Concepts

Introduction
Analysis Concepts
Setting up an Analysis System
Summary

Chapter 2. Immediate Response

Introduction
Being Prepared to Respond
Data Collection
Summary

Chapter 3. Volume Shadow Copies

Introduction
What are “Volume Shadow Copies¿?
Live Systems
Acquired Images
Summary

Chapter 4. File Analysis

Introduction
MFT
Event Logs
Recycle Bin
Prefetch Files
Scheduled Tasks
Jump Lists
Hibernation Files
Application Files
Summary

Chapter 5. Registry Analysis

Introduction
Registry Analysis
Summary

Chapter 6. Malware Detection

Introduction
Malware Characteristics
Detecting Malware
Summary

Chapter 7. Timeline Analysis

Introduction
Timelines
Creating Timelines
Case Study
Summary

Chapter 8. Application Analysis

Introduction
Log Files
Dynamic Analysis
Network Captures
Application Memory Analysis
Summary

Index

ISBN: 9781597497275

Page Count: 296

Illustrations : 60 illustrations

Retail Price (USD) :

Windows Forensic Analysis DVD Toolkit, 2E, 9781597494229, $69.95, 512 pp., 5/2009, Syngress, Total Sales: 7,960 (Bookscan: 3,699)
File System Forensic Analysis, Brian Carrier, 9780321268174, $64.99, 600 pp., Pearson, 3/2005, Bookscan: 9,417
Real Digital Forensics, Keith Jones et al., 9780321240699, $64.99, 688 pp., Pearson, 9/2005, Bookscan: 5,632

Windows Forensic Analysis Toolkit,

Editors: By Harlan Carvey

Description

Key Features

About the author

Related Titles