E-book: Windows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 7

(DFIR analyst, presenter, and open-source tool author)
  • Format: EPUB+DRM
  • Publication date: 27-Jan-2012
  • Publisher: Syngress Media,U.S.
  • Language: eng
  • ISBN-13: 9781597497282
  • Price: 53,09 €*
  • * The price is final, i.e. no further discounts apply.
  • This e-book is intended for personal use only. E-books cannot be returned.

DRM restrictions

  • Copying (copy/paste):

    not permitted

  • Printing:

    not permitted

  • Use:

    Digital rights management (DRM)
    The publisher has issued this e-book in encrypted form, which means that you must install special software to read it. You also need to create an Adobe ID. More information here. The e-book can be read by 1 user and downloaded to up to 6 devices (all authorised with the same Adobe ID).

    Required software
    To read on a mobile device (phone or tablet), you must install this free application: PocketBook Reader (iOS / Android)

    To read on a PC or Mac, you must install Adobe Digital Editions (this is a free application designed specifically for reading e-books; do not confuse it with Adobe Reader, which is probably already installed on your computer).

    This e-book cannot be read on an Amazon Kindle.

The third edition of this reference for system administrators, digital forensic analysts, students, and law enforcement does not replace the second edition, but rather serves as a companion. Coverage encompasses areas such as immediate response, volume shadow copies, file and registry analysis, malware detection, and application analysis. Learning features include b&w screenshots, tip and warning boxes, code (also available on a website), case studies, and 'war stories' from the field. The tools described throughout the book are written in the Perl scripting language, but readers don't need to be experts in Perl, and most of the scripts are accompanied by Windows executables found online. For this third edition, a companion website provides printable checklists, cheat sheets, custom tools, and demos. Carvey is a computer security consultant. Annotation ©2012 Book News, Inc., Portland, OR (booknews.com)

Now in its third edition, Harlan Carvey has updated Windows Forensic Analysis Toolkit to cover Windows 7 systems. The primary focus of this edition is on analyzing Windows 7 systems and on processes using free and open-source tools. The book covers live response, file analysis, malware detection, timeline, and much more. The author presents real-life experiences from the trenches, making the material realistic and showing the why behind the how. New to this edition, the companion and toolkit materials are now hosted online. This material consists of electronic printable checklists, cheat sheets, free custom tools, and walk-through demos. This edition complements Windows Forensic Analysis Toolkit, 2nd Ed. (ISBN: 9781597494229), which focuses primarily on XP.

  • Complete coverage and examples on Windows 7 systems
  • Contains Lessons from the Field, Case Studies, and War Stories
  • Companion online material, including electronic printable checklists, cheat sheets, free custom tools, and walk-through demos


Windows is the largest operating system on desktops and servers worldwide, which means more intrusions, malware infections, and cybercrime happen on these systems. Author Harlan Carvey has brought his bestselling book up-to-date by covering the newest version of Windows, Windows 7. Windows Forensic Analysis Toolkit, 3e, covers live and postmortem response collection and analysis methodologies, addressing material that is applicable to law enforcement, the federal government, students, and consultants. The book is also accessible to system administrators, who are often the frontline when an incident occurs, but due to staffing and budget constraints do not have the necessary knowledge to respond effectively. Now the companion material is hosted online as opposed to a DVD, making the material accessible from any location and in any book format.

  • Timely 3e of a Syngress digital forensic bestseller
  • Updated to cover Windows 7 systems, the newest Windows version
  • New online companion website houses checklists, cheat sheets, free tools, and demos

Reviews

"Harlan has done it again! Continuing in the tradition of excellence established by the previous editions, Windows Forensics Analysis Toolkit 3e is an indispensable resource for any forensic examiner. Whether you're a seasoned veteran or just starting out, this work is required reading. WFA3e will maintain a perennial spot on my core reference bookshelf!" --Cory Altheide, Google

"Windows Forensic Analysis Toolkit 3rd Edition provides a wealth of important information for new and old practitioners alike. Not only does it provide a great overview of artifacts of interest on Windows 7 systems, but it also presents plenty of technology independent concepts that play an important role in any investigation. Feel free to place a copy on your shelf next to WFA 2ed and WRF." --Digital4rensics.com

"The third edition of this reference for system administrators, digital forensic analysts, students, and law enforcement does not replace the second edition, but rather serves as a companion. Coverage encompasses areas such as immediate response, volume shadow copies, file and registry analysis, malware detection, and application analysis. Learning features include b&w screenshots, tip and warning boxes, code (also available on a website), case studies, and 'war stories' from the field. The tools described throughout the book are written in the Perl scripting language, but readers don't need to be experts in Perl, and most of the scripts are accompanied by Windows executables found online. For this third edition, a companion website provides printable checklists, cheat sheets, custom tools, and demos."--Reference and Research Book News, Inc.

"There is a good reason behind the success of the previous editions of this book, and it has to do with two things: new Windows versions are different enough from previous ones to warrant a new edition and, most importantly, the author is simply that good at explaining things. This edition is no different." --HelpNetSecurity

Table of Contents

Preface xi
Acknowledgments xvii
About the Author xix
About the Technical Editor xxi

Chapter 1 Analysis Concepts 1(22)
  Introduction 1(2)
  Analysis Concepts 3(16)
    Windows Versions 4(2)
    Analysis Principles 6(9)
    Documentation 15(1)
    Convergence 16(1)
    Virtualization 17(2)
  Setting Up an Analysis System 19(3)
  Summary 22(1)

Chapter 2 Immediate Response 23(20)
  Introduction 23(1)
  Being Prepared to Respond 24(12)
    Questions 25(3)
    The Importance of Preparation 28(3)
    Logs 31(5)
  Data Collection 36(4)
  Training 39(1)
  Summary 40(3)

Chapter 3 Volume Shadow Copies 43(26)
  Introduction 43(1)
  What Are "Volume Shadow Copies"? 44(2)
    Registry Keys 45(1)
  Live Systems 46(6)
    ProDiscover 49(1)
    F-Response 50(2)
  Acquired Images 52(15)
    VHD Method 54(4)
    VMWare Method 58(4)
    Automating VSC Access 62(2)
    ProDiscover 64(3)
  Summary 67(1)
  Reference 67(2)

Chapter 4 File Analysis 69(42)
  Introduction 70(1)
  MFT 70(8)
    File System Tunneling 76(2)
  Event Logs 78(7)
    Windows Event Log 82(3)
  Recycle Bin 85(3)
  Prefetch Files 88(4)
  Scheduled Tasks 92(3)
  Jump Lists 95(6)
  Hibernation Files 101(1)
  Application Files 102(6)
    Antivirus Logs 103(1)
    Skype 104(1)
    Apple Products 105(1)
    Image Files 106(2)
  Summary 108(1)
  References 109(2)

Chapter 5 Registry Analysis 111(44)
  Introduction 112(1)
  Registry Analysis 112(41)
    Registry Nomenclature 113(1)
    The Registry as a Log File 114(1)
    USB Device Analysis 115(13)
    System Hive 128(3)
    Software Hive 131(8)
    User Hives 139(9)
    Additional Sources 148(2)
    Tools 150(3)
  Summary 153(1)
  References 153(2)

Chapter 6 Malware Detection 155(40)
  Introduction 156(1)
  Malware Characteristics 156(12)
    Initial Infection Vector 158(2)
    Propagation Mechanism 160(2)
    Persistence Mechanism 162(3)
    Artifacts 165(3)
  Detecting Malware 168(25)
    Log Analysis 169(4)
    Antivirus Scans 173(4)
    Digging Deeper 177(14)
    Seeded Sites 191(2)
  Summary 193(1)
  References 193(2)

Chapter 7 Timeline Analysis 195(38)
  Introduction 196(1)
  Timelines 196(14)
    Data Sources 198(1)
    Time Formats 199(1)
    Concepts 200(2)
    Benefits 202(2)
    Format 204(6)
  Creating Timelines 210(19)
    File System Metadata 211(6)
    Event Logs 217(4)
    Prefetch Files 221(1)
    Registry Data 222(2)
    Additional Sources 224(1)
    Parsing Events into a Timeline 225(3)
    Thoughts on Visualization 228(1)
  Case Study 229(3)
  Summary 232(1)

Chapter 8 Application Analysis 233(12)
  Introduction 233(2)
  Log Files 235(1)
  Dynamic Analysis 236(5)
  Network Captures 241(2)
  Application Memory Analysis 243(1)
  Summary 244(1)
  References 244(1)

Index 245

Mr. Carvey is a digital forensics and incident response analyst with past experience in vulnerability assessments, as well as some limited pen testing. He conducts research into digital forensic analysis of Windows systems, identifying and parsing various digital artifacts from those systems, and has developed several innovative tools and investigative processes specific to the digital forensics analysis field. He is the developer of RegRipper, a widely used tool for Windows Registry parsing and analysis. Mr. Carvey has developed and taught several courses, including Windows Forensics, Registry, and Timeline Analysis.