Windows Forensic Analysis Toolkit
Advanced Analysis Techniques for Windows 7
- 3rd Edition - January 27, 2012
- Author: Harlan Carvey
- Language: English
- eBook ISBN:9 7 8 - 1 - 5 9 7 4 9 - 7 2 8 - 2
Windows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 7 provides an overview of live and postmortem response collection and analysis methodologies for Windows… Read more
Purchase options
Institutional subscription on ScienceDirect
Request a sales quoteWindows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 7 provides an overview of live and postmortem response collection and analysis methodologies for Windows 7. It considers the core investigative and analysis concepts that are critical to the work of professionals within the digital forensic analysis community, as well as the need for immediate response once an incident has been identified. Organized into eight chapters, the book discusses Volume Shadow Copies (VSCs) in the context of digital forensics and explains how analysts can access the wealth of information available in VSCs without interacting with the live system or purchasing expensive solutions. It also describes files and data structures that are new to Windows 7 (or Vista), Windows Registry Forensics, how the presence of malware within an image acquired from a Windows system can be detected, the idea of timeline analysis as applied to digital forensic analysis, and concepts and techniques that are often associated with dynamic malware analysis. Also included are several tools written in the Perl scripting language, accompanied by Windows executables. This book will prove useful to digital forensic analysts, incident responders, law enforcement officers, students, researchers, system administrators, hobbyists, or anyone with an interest in digital forensic analysis of Windows 7 systems.
- Timely 3e of a Syngress digital forensic bestseller
- Updated to cover Windows 7 systems, the newest Windows version
- New online companion website houses checklists, cheat sheets, free tools, and demos
Computer forensic and incident response professionals. This includes LE, federal government, commercial/private sector contractors, consultants, etc.
- Dedication
- Preface
- Acknowledgments
- About the Author
- About the Technical Editor
- Chapter 1. Analysis Concepts
- Introduction
- Analysis Concepts
- Setting up an Analysis System
- Summary
- Chapter 2. Immediate Response
- Introduction
- Being Prepared to Respond
- Data Collection
- Summary
- Chapter 3. Volume Shadow Copies
- Introduction
- What are “Volume Shadow Copies”?
- Live Systems
- Acquired Images
- Summary
- Chapter 4. File Analysis
- Introduction
- MFT
- Event Logs
- Recycle Bin
- Prefetch Files
- Scheduled Tasks
- Jump Lists
- Hibernation Files
- Application Files
- Summary
- Chapter 5. Registry Analysis
- Introduction
- Registry Analysis
- Summary
- Chapter 6. Malware Detection
- Introduction
- Malware Characteristics
- Detecting Malware
- Summary
- Chapter 7. Timeline Analysis
- Introduction
- Timelines
- Creating Timelines
- Case Study
- Summary
- Chapter 8. Application Analysis
- Introduction
- Log Files
- Dynamic Analysis
- Network Captures
- Application Memory Analysis
- Summary
- Index
- No. of pages: 296
- Language: English
- Edition: 3
- Published: January 27, 2012
- Imprint: Syngress
- eBook ISBN: 9781597497282
HC
Harlan Carvey
Mr. Carvey is a digital forensics and incident response analyst with past experience in vulnerability assessments, as well as some limited pen testing. He conducts research into digital forensic analysis of Window systems, identifying and parsing various digital artifacts from those systems, and has developed several innovative tools and investigative processes specific to the digital forensics analysis field. He is the developer of RegRipper, a widely-used tool for Windows Registry parsing and analysis. Mr. Carvey has developed and taught several courses, including Windows Forensics, Registry, and Timeline Analysis.
Affiliations and expertise
DFIR analyst, presenter, and open-source tool authorRead Windows Forensic Analysis Toolkit on ScienceDirect