Windows Forensic Analysis Toolkit : Advanced Analysis Techniques for Windows 7


Harlan Carvey
Book, English, 2012 · Electronic books.
Published
Burlington: Elsevier Science, 2012.
Extent
1 online resource (294 p.)
Edition
3rd ed.
Notes
Description based upon print version of record.

Contents: Windows Forensic Analysis Toolkit; Copyright Page; Contents; Preface; Intended Audience; Organization of this Book; Chapter 1: Analysis Concepts; Chapter 2: Immediate Response; Chapter 3: Volume Shadow Copies; Chapter 4: File Analysis; Chapter 5: Registry Analysis; Chapter 6: Malware Detection; Chapter 7: Timeline Analysis; Chapter 8: Application Analysis; Online Content; Acknowledgments; About the Author; About the Technical Editor.
1 Analysis Concepts: Introduction; Analysis Concepts; Windows Versions; Analysis Principles; Goals; Tools Versus Processes; Locard's Exchange Principle; Avoiding Speculation; Direct and Indirect Artifacts; Least Frequency of Occurrence; Documentation; Convergence; Virtualization; Setting up an Analysis System; Summary.
2 Immediate Response: Introduction; Being Prepared to Respond; Questions; The Importance of Preparation; Logs; Data Collection; Training; Summary.
3 Volume Shadow Copies: Introduction; What Are "Volume Shadow Copies"?; Registry Keys; Live Systems; ProDiscover; F-Response; Acquired Images; VHD Method; VMWare Method; Automating VSC Access; ProDiscover; Summary; Reference.
4 File Analysis: Introduction; MFT; File System Tunneling; Event Logs; Windows Event Log; Recycle Bin; Prefetch Files; Scheduled Tasks; Jump Lists; Hibernation Files; Application Files; Antivirus Logs; Skype; Apple Products; Image Files; Summary; References.
5 Registry Analysis: Introduction; Registry Analysis; Registry Nomenclature; The Registry as a Log File; USB Device Analysis; System Hive; Services; Software Hive; Application Analysis; NetworkList; NetworkCards; Scheduled Tasks; User Hives; WordWheelQuery; Shellbags; MUICache; UserAssist; Virtual PC; TypedPaths; Additional Sources; RegIdleBackup; Volume Shadow Copies; Virtualization; Memory; Tools; Summary; References.
6 Malware Detection: Introduction; Malware Characteristics; Initial Infection Vector; Propagation Mechanism; Persistence Mechanism; Artifacts; Detecting Malware; Log Analysis; Dr. Watson Logs; Antivirus Scans; AV Write-ups; Digging Deeper; Packed Files; Digital Signatures; Windows File Protection; Alternate Data Streams; PE File Compile Times; MBR Infectors; Registry Analysis; Internet Activity; Additional Detection Mechanisms; Seeded Sites; Summary; References.
7 Timeline Analysis: Introduction; Timelines; Data Sources; Time Formats; Concepts; Benefits; Format; Time; Source; System; User; Description; TLN Format; Creating Timelines; File System Metadata; Event Logs; Windows XP; Windows 7; Prefetch Files; Registry Data; Additional Sources; Parsing Events into a Timeline; Thoughts on Visualization; Case Study; Summary.
8 Application Analysis: Introduction; Log Files; Dynamic Analysis; Network Captures; Application Memory Analysis; Summary; References; Index.

Windows is the largest operating system on desktops and servers worldwide, which means more intrusions, malware infections, and cybercrime happen on these systems. Author Harlan Carvey has brought his bestselling book up-to-date by covering the newest version of Windows, Windows 7. Windows Forensic Analysis Toolkit, 3e, covers live and postmortem response collection and analysis methodologies, addressing material that is applicable to law enforcement, the federal government, students, and consultants. The book is also accessible to system administrators, who are often the frontline w
ISBN
9781597497275

Libraries holding this title