Mastering Windows Network Forensics and Investigation

Introduction

Part 1: Understanding and Exploiting Windows Networks

Chapter 1: Network Investigation Overview

Chapter 2: The Microsoft Network Structure

Chapter 3: Beyond the Windows GUI

Chapter 4: Windows Password Issues

Chapter 5: Windows Ports and Services

Part 2: Analyzing the Computer

Chapter 6: Live-Analysis Techniques

Chapter 7: Windows File Systems

Chapter 8: The Registry Structure

Chapter 9: Registry Evidence

Chapter 10: Tool Analysis

Part 3: Analyzing the Logs

Chapter 11: Text-Based Logs

Chapter 12: Windows Event Logs

Chapter 13: Logon and Account Logon Events

Chapter 14: Other Audit Events

Chapter 15: Forensic Analysis of Event Logs

Chapter 16: Presenting the Results

Appendix A: The Bottom Line

Index

Steve Anson , CISSP, MCSE, is a special agent with the Pentagon's Defense Criminal Investigative Service. He has a master's degree in computer science as well as numerous industry certifications. As a former contract instructor for the FBI, he has taught hundreds of veteran federal agents, state and local police officers, and intelligence agency employees techniques for conducting computerintrusion investigations. He also founded and supervised a local police department computer crime and information services unit and served as a task force agent for the FBI. He has conducted investigations involving large-scale computer intrusions, counterterrorism, crimes against children, and many other offenses involving the substantive use of computers.Steve Bunting is a captain with the University of Delaware Police Department, where he is responsible for computer forensics, video forensics, and investigations involving computers. He has more than thirty years experience in law enforcement, and his background in computer forensics is extensive. He is a Certified Computer Forensics Technician (CCFT) and an EnCase Certified Examiner (EnCE). He was the recipient of the 2002 Guidance Software Certified Examiner Award of Excellence. He has a bachelor's degree in applied professions/business management from Wilmington College and a computer applications certificate in network environments from the University of Delaware. He has conducted computer forensic examinations for numerous local, state, and federal agencies on a variety of cases, including extortion, homicide, embezzlement, child exploitation, intellectual property theft, and unlawful intrusions into computer systems. He has testified in court on numerous occasions as a computer forensics expert. He has taught computer forensics for Guidance Software, makers of EnCase, and taught as a lead instructor at all course levels. He has been a presenter at several seminars and workshops, is the author of numerous white papers, and