Skip to main content
Elsevier
View Cart

Perl Scripting for Windows Security

Live Response, Forensic Analysis, and Monitoring

  • 1st Edition - December 12, 2007
  • Latest edition
  • Author: Harlan Carvey
  • Language: English

I decided to write this book for a couple of reasons. One was that I’ve now written a couple of books that have to do with incident response and forensic analysis on Windows sy… Read more

World Book Day celebration

Where learning shapes lives

Up to 25% off trusted resources that support research, study, and discovery.

Explore resources

Description

I decided to write this book for a couple of reasons. One was that I’ve now written a couple of books that have to do with incident response and forensic analysis on Windows systems, and I used a lot of Perl in both books. Okay…I’ll come clean…I used nothing but Perl in both books! What I’ve seen as a result of this is that many readers want to use the tools, but don’t know how…they simply aren’t familiar with Perl, with interpreted (or scripting) languages in general, and may not be entirely comfortable with running tools at the command line.

This book is intended for anyone who has an interest in useful Perl scripting, in particular on the Windows platform, for the purpose of incident response, and forensic analysis, and application monitoring. While a thorough grounding in scripting languages (or in Perl specifically) is not required, it helpful in fully and more completely understanding the material and code presented in this book. This book contains information that is useful to consultants who perform incident response and computer forensics, specifically as those activities pertain to MS Windows systems (Windows 2000, XP, 2003, and some Vista). My hope is that not only will consultants (such as myself) find this material valuable, but so will system administrators, law enforcement officers, and students in undergraduate and graduate programs focusing on computer forensics.

Key features

  • Perl Scripting for Live Response

Using Perl, there’s a great deal of information you can retrieve from systems, locally or remotely, as part of troubleshooting or investigating an issue. Perl scripts can be run from a central management point, reaching out to remote systems in order to collect information, or they can be "compiled" into standalone executables using PAR, PerlApp, or Perl2Exe so that they can be run on systems that do not have ActiveState’s Perl distribution (or any other Perl distribution) installed.
  • Perl Scripting for Computer Forensic Analysis

Perl is an extremely useful and powerful tool for performing computer forensic analysis. While there are applications available that let an examiner access acquired images and perform some modicum of visualization, there are relatively few tools that meet the specific needs of a specific examiner working on a specific case. This is where the use of Perl really shines through and becomes apparent.
  • Perl Scripting for Application Monitoring

Working with enterprise-level Windows applications requires a great deal of analysis and constant monitoring. Automating the monitoring portion of this effort can save a great deal of time, reduce system downtimes, and improve the reliability of your overall application. By utilizing Perl scripts and integrating them with the application technology, you can easily build a simple monitoring framework that can alert you to current or future application issues.

Readership

This book is intended for anyone who has an interest in useful Perl scripting, in particular on the Windows platform, for the purpose of incident response, and forensic analysis, and application monitoring. While a thorough grounding in scripting languages (or in Perl specifically) is not required, it helpful in fully and more completely understanding the material and code presented in this book. This book contains information that is useful to consultants who perform incident response and computer forensics, specifically as those activities pertain to MS Windows systems (Windows 2000, XP, 2003, and some Vista). My hope is that not only will consultants (such as myself) find this material valuable, but so will system administrators, law enforcement officers, and students in undergraduate and graduate programs focusing on computer forensics.

Table of contents

Author

Technical Editor

Contributing Authors

Preface

Author Acknowledgements

Part I: Perl Scripting and Live Response

Built-in Functions

Running Processes

Accessing the API

WMI

Accessing the Registry

ProScripts

Part II: Perl Scripting and Computer Forensic Analysis

Log Files

Parsing Binary Files

Registry

Event Logs

Parsing RAM Dumps

ProScripts

Parsing Other Data

Part III: Monitoring Windows Applications with Perl

Core Application Processes

Core Application Dependencies

Web Services

Summary

Index

Product details

  • Edition: 1
  • Latest edition
  • Published: April 18, 2011
  • Language: English

About the author

HC

Harlan Carvey

Mr. Carvey is a digital forensics and incident response analyst with past experience in vulnerability assessments, as well as some limited pen testing. He conducts research into digital forensic analysis of Window systems, identifying and parsing various digital artifacts from those systems, and has developed several innovative tools and investigative processes specific to the digital forensics analysis field. He is the developer of RegRipper, a widely-used tool for Windows Registry parsing and analysis. Mr. Carvey has developed and taught several courses, including Windows Forensics, Registry, and Timeline Analysis.
Affiliations and expertise
DFIR analyst, presenter, and open-source tool author

View book on ScienceDirect

Read Perl Scripting for Windows Security on ScienceDirect