Mastering Windows network forensics and investigation.
An authoritative guide to investigating high-technology crimes

Internet crime is seemingly ever on the rise, making the need for a comprehensive resource on how to investigate these crimes even more dire. This professional-level book--aimed at law enforcement personnel, prosecutors, and corporate inv...
Classification: | Electronic Book |
---|---|
Other Authors: | , , , |
Format: | Electronic eBook |
Language: | English |
Published: | Hoboken, N.J. : Wiley, 2012. |
Subjects: | |
Online Access: | Full text |
Table of Contents:
- Mastering Windows® Network Forensics and Investigation; Contents; Introduction; Part 1: Understanding and Exploiting Windows Networks; Chapter 1: Network Investigation Overview; Performing the Initial Vetting; Meeting with the Victim Organization; Collecting the Evidence; Analyzing the Evidence; Analyzing the Suspect's Computers; Recognizing the Investigative Challenges of Microsoft Networks; The Bottom Line; Chapter 2: The Microsoft Network Structure; Connecting Computers; Windows Domains; Users and Groups; Permissions; Example Hack; The Bottom Line; Chapter 3: Beyond the Windows GUI.
- Understanding Programs, Processes, and Threads; Redirecting Process Flow; Maintaining Order Using Privilege Modes; Using Rootkits; The Bottom Line; Chapter 4: Windows Password Issues; Understanding Windows Password Storage; Cracking Windows Passwords Stored on Running Systems; Exploring Windows Authentication Mechanisms; Sniffing and Cracking Windows Authentication Exchanges; Cracking Offline Passwords; The Bottom Line; Chapter 5: Windows Ports and Services; Understanding Ports; Using Ports as Evidence; Understanding Windows Services; The Bottom Line; Part 2: Analyzing the Computer.
- Chapter 6: Live-Analysis Techniques; Finding Evidence in Memory; Creating a Windows Live-Analysis Toolkit; Monitoring Communication with the Victim Box; Scanning the Victim System; The Bottom Line; Chapter 7: Windows Filesystems; Filesystems vs. Operating Systems; Understanding FAT Filesystems; Understanding NTFS Filesystems; Dealing with Alternate Data Streams; The exFAT Filesystem; The Bottom Line; Chapter 8: The Registry Structure; Understanding Registry Concepts; Performing Registry Research; Viewing the Registry with Forensic Tools; Using EnCase to View the Registry.
- Using AccessData's Registry Viewer; Other Tools; The Bottom Line; Chapter 9: Registry Evidence; Finding Information in the Software Key; Exploring Windows Security, Action Center, and Firewall Settings; Analyzing Restore Point Registry Settings; Windows XP Restore Point Content; Analyzing Volume Shadow Copies for Registry Settings; Exploring Security Identifiers; Investigating User Activity; Extracting LSA Secrets; Discovering IP Addresses; Compensating for Time Zone Offsets; Determining the Startup Locations; The Bottom Line; Chapter 10: Introduction to Malware.
- Understanding the Purpose of Malware Analysis; Malware Analysis Tools and Techniques; The Bottom Line; Part 3: Analyzing the Logs; Chapter 11: Text-Based Logs; Parsing IIS Logs; Parsing FTP Logs; Parsing DHCP Server Logs; Parsing Windows Firewall Logs; Using Splunk; The Bottom Line; Chapter 12: Windows Event Logs; Understanding the Event Logs; Using Event Viewer; Searching with Event Viewer; The Bottom Line; Chapter 13: Logon and Account Logon Events; Begin at the Beginning; The Bottom Line; Chapter 14: Other Audit Events; The Exploitation of a Network; Examining System Log Entries; Examining Application Log Entries.