Windows Forensics
The Field Guide for Conducting Corporate Computer Investigations
(Language: English)
Back cover text for „Windows Forensics“
The evidence is in: to solve Windows crime, you need Windows tools. An arcane pursuit a decade ago, forensic science today is a household term. And while the computer forensic analyst may not lead as exciting a life as TV's CSIs do, he or she relies just as heavily on scientific principles and just as surely solves crime.
Whether you are contemplating a career in this growing field or are already an analyst in a Unix/Linux environment, this book prepares you to combat computer crime in the Windows world. Here are the tools to help you recover sabotaged files, track down the source of threatening e-mails, investigate industrial espionage, and expose computer criminals.
- Identify evidence of fraud, electronic theft, and employee Internet abuse
- Investigate crime related to instant messaging, Lotus Notes®, and increasingly popular browsers such as Firefox®
- Learn what it takes to become a computer forensics analyst
- Take advantage of sample forms and layouts as well as case studies
- Protect the integrity of evidence
- Compile a forensic response toolkit
- Assess and analyze damage from computer crime and process the crime scene
- Develop a structure for effectively conducting investigations
- Discover how to locate evidence in the Windows Registry
Table of contents for „Windows Forensics“
Chapter 1. Windows Forensics
The Corporate Computer Forensic Analyst
Windows Forensics
People, Processes, and Tools
Computer Forensics: Today and Tomorrow
Additional Resources
Chapter 2. Processing the Digital Crime Scene
Identify the Scene
Perform Remote Research
Secure the Crime Scene
Document the Scene
Process the Scene for Physical Evidence
Process the Scene for Electronic Evidence
Chain of Custody
Best Evidence
Working with Law Enforcement
Additional Resources
Chapter 3. Windows Forensic Basics
History and Versions
MS-DOS
Windows 1.x, 2.x, and 3.x
Windows NT and 2000
Windows 95, 98, and ME
Windows XP and 2003
Non-Volatile Storage
Floppy Disks
Tapes
CDs and DVDs
USB Flash Drives
Hard Disks
Additional Resources
Chapter 4. Partitions and File Systems
Master Boot Record
Windows File Systems
FAT
VFAT
NTFS
Compression
Encryption
Additional Resources
Chapter 5. Directory Structure and Special Files
Windows NT/2000/XP
Directories
Files
Windows 9x
Directories
Files
Additional Resources
Chapter 6. The Registry
History
Registry Basics
Registry Analysis
General
Folder Locations
Startup Items
Intelliforms
Advanced Registry Analysis
Additional Resources
Chapter 7. Forensic Analysis
Chapter 8. Live System Analysis
Covert Analysis
System State Analysis
System Tools
Storage
Services and Applications
Remote Enumeration
Monitoring
Keystroke Recording
Network Monitoring
Overt Analysis
GUI-based Overt Analysis
Local Command Line Analysis
Remote Command Line Analysis
Basic Information Gathering
System State Information
Running Program Information
Main Memory Analysis
Additional Resources
Chapter 9. Forensic Duplication
Hard Disk Duplication
In-Situ Duplication
Direct Duplication
Magnetic Tape
Hard Disks
Optical Disks
Multi-tiered Storage
Log File Duplication
Additional Resources
Chapter 10. File System Analysis
Searching
Index-based Searching
Bitwise Searching
Search Methodology
Hash Analysis
Positive Hash Analysis
Negative Hash Analysis
File Recovery
Special Files
Print Spool Files
Windows Shortcuts
Paging File
Additional Resources
Chapter 11. Log File Analysis
Event Logs
Application Log
System Log
Security Log
Successful Log-on/Log-off Events
Failed Log-on Event
Change of Policy
Successful or Failed Object Access
Account Change
Log Clearing
Internet Logs
HTTP Logs
FTP Logs
SMTP Logs
Additional Resources
Chapter 12. Internet Usage Analysis
Web Activity
Internet Explorer
Favorites
History
Cache
Cookies
Firefox
Favorites
History
Cache
Cookies
Passwords
Downloads
Toolbar History
Network, Proxy, and DNS History
Peer-to-Peer Networking
Gnutella Clients
Bearshare
Downloading
Sharing
Other Information
Limewire
Downloading
Sharing
FastTrack Clients
Overnet, eMule, and eDonkey2000 Clients
Downloading
Sharing
Instant Messaging
AOL Instant Messenger
Microsoft Messenger
Additional Resources
Chapter 13. Email Investigations
Outlook/Outlook Express
Outlook Express
Acquisition
Analysis
Outlook
Acquisition
Access Control
Analysis
Lotus Notes
Acquisition
Access Control and Logging
Analysis
Address Book
Additional Resources
Appendix A. Sample Chain of Custody Form
Appendix B. Master Boot Record Layout
Appendix C. Partition Types
Appendix D. FAT32 Boot Sector Layout
Appendix E. NTFS Boot Sector Layout
Appendix F. NTFS Metafiles
Appendix G. Well-Known SIDs
Index
About the author: Chad Steel
Chad Steel has investigated more than 300 computer security incidents. As an adjunct faculty member, he developed and taught the Computer Forensics graduate course in Penn State's engineering program and has instructed federal and local law enforcement, commercial clients, and graduate students in forensic analysis. His experience includes serving as head of IT investigations for a Global 100 corporation and as managing director of the Systems Integration and Security practice at Qwest Communications.
Bibliographic details
- Author: Chad Steel
- 2006, 1st edition, 384 pages, dimensions: 23.6 cm, paperback, English
- Publisher: Wiley & Sons
- ISBN-10: 0470038624
- ISBN-13: 9780470038628