Windows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 8

Harlan Carvey has updated Windows Forensic Analysis Toolkit, now in its fourth edition, to cover Windows 8 systems. The primary focus of this edition is on analyzing Windows 8 systems and processes using free and open-source tools. The book covers live response, file analysis, malware detection, tim...


Bibliographic Details
Main Author: Carvey, Harlan A.
Format: eBook
Language: English
Published: Rockland Syngress 2014
Edition: Fourth edition
Collection: O'Reilly - Collection details see MPG.ReNa
Table of Contents:
  • Includes bibliographical references and index
  • Front Cover; Windows Forensic Analysis Toolkit; Copyright Page; Contents; Preface; Intended Audience; Organization of This Book; DVD Contents; Acknowledgments; About the Author; About the Technical Editor
  • 1 Analysis Concepts; Introduction; Analysis concepts; Windows versions; Analysis principles; Goals; Tools versus processes; The tool validation myth-odology; Locard's exchange principle; Avoiding speculation; Direct and indirect artifacts; Least frequency of occurrence; Documentation; Convergence; Virtualization; Setting up an analysis system; Summary
  • 2 Incident Preparation; Introduction; Being prepared to respond; Questions; The importance of preparation; Logs; Data collection; Training; Business models; Summary
  • 3 Volume Shadow Copies; Introduction; What are "volume shadow copies"?; Registry keys; Live systems; ProDiscover; F-Response; Acquired images; VHD method; VMWare method; Automating VSC access; ProDiscover; Windows 8; Summary; Reference
  • 4 File Analysis; Introduction; MFT; File system tunneling; TriForce; Event logs; Windows Event Log; Recycle bin; Prefetch files; Scheduled tasks; Jump lists; Hibernation files; Application files; Antivirus logs; Skype; Apple products; Image files; Summary; References
  • 5 Registry Analysis; Introduction; Registry analysis; Registry nomenclature; The registry as a log file; USB device analysis; System hive; Services; Bluetooth; Software hive; Application analysis; NetworkList; NetworkCards; Scheduled tasks; User hives; WordWheelQuery; Shellbags; MenuOrder; MUICache; UserAssist; Photos; Virtual PC; TypedPaths; Additional sources; RegIdleBackup; Volume shadow copies; Virtualization; Memory; Tools; Summary; References
  • 6 Malware Detection; Introduction; Malware Characteristics; Initial infection vector; Propagation mechanism; Persistence mechanism; Artifacts; Detecting Malware; Log analysis; Dr. Watson logs; AV scans; AV write ups; Digging deeper; Packed files; Digital signatures; Windows File Protection; Alternate data streams; PE file compile times; Master boot record infectors; Registry analysis; Internet activity; Additional detection mechanisms; Seeded sites; Summary; References
  • 7 Timeline Analysis; Introduction; Timelines; Data sources; Time formats; Concepts; Benefits; Format; Time; Source; System; User; Description; TLN format; Creating Timelines; File system metadata; Event logs; Windows XP; Windows 7; Prefetch files; Registry data; Additional sources; Parsing events into a timeline; Thoughts on visualization; Case Study; Summary
  • 8 Correlating Artifacts; Introduction; How-Tos; Correlating Windows shortcuts to USB devices; Demonstrate user access to files; IE browser analysis; Detecting system time change; Who ran defrag?; Determine data exfiltration; Finding something "new"; Summary
  • 9 Reporting; Introduction; Goals; Incident triage; Case Notes; Documenting your analysis; Reporting; Format; Executive summary; Body; Background; Analysis; Conclusions; Writing tips; Peer review; Summary
  • Index