
Mastering Windows network forensics and investigation.

An authoritative guide to investigating high-technology crimes. Internet crime is seemingly ever on the rise, making the need for a comprehensive resource on how to investigate these crimes even more dire. This professional-level book--aimed at law enforcement personnel, prosecutors, and corporate inv...


Bibliographic Details
Classification: Electronic Book
Other Authors: Anson, Steve; Bunting, Steve; Johnson, Ryan; Pearson, Scott
Format: Electronic eBook
Language: English
Published: Hoboken, N.J. : Wiley, 2012.
Subjects:
Online Access: Full text
Table of Contents:
  • Mastering Windows® Network Forensics and Investigation; Contents; Introduction; Part 1: Understanding and Exploiting Windows Networks; Chapter 1: Network Investigation Overview; Performing the Initial Vetting; Meeting with the Victim Organization; Collecting the Evidence; Analyzing the Evidence; Analyzing the Suspect's Computers; Recognizing the Investigative Challenges of Microsoft Networks; The Bottom Line; Chapter 2: The Microsoft Network Structure; Connecting Computers; Windows Domains; Users and Groups; Permissions; Example Hack; The Bottom Line; Chapter 3: Beyond the Windows GUI.
  • Understanding Programs, Processes, and Threads; Redirecting Process Flow; Maintaining Order Using Privilege Modes; Using Rootkits; The Bottom Line; Chapter 4: Windows Password Issues; Understanding Windows Password Storage; Cracking Windows Passwords Stored on Running Systems; Exploring Windows Authentication Mechanisms; Sniffing and Cracking Windows Authentication Exchanges; Cracking Offline Passwords; The Bottom Line; Chapter 5: Windows Ports and Services; Understanding Ports; Using Ports as Evidence; Understanding Windows Services; The Bottom Line; Part 2: Analyzing the Computer.
  • Chapter 6: Live-Analysis Techniques; Finding Evidence in Memory; Creating a Windows Live-Analysis Toolkit; Monitoring Communication with the Victim Box; Scanning the Victim System; The Bottom Line; Chapter 7: Windows Filesystems; Filesystems vs. Operating Systems; Understanding FAT Filesystems; Understanding NTFS Filesystems; Dealing with Alternate Data Streams; The exFAT Filesystem; The Bottom Line; Chapter 8: The Registry Structure; Understanding Registry Concepts; Performing Registry Research; Viewing the Registry with Forensic Tools; Using EnCase to View the Registry.
  • Using AccessData's Registry Viewer; Other Tools; The Bottom Line; Chapter 9: Registry Evidence; Finding Information in the Software Key; Exploring Windows Security, Action Center, and Firewall Settings; Analyzing Restore Point Registry Settings; Windows XP Restore Point Content; Analyzing Volume Shadow Copies for Registry Settings; Exploring Security Identifiers; Investigating User Activity; Extracting LSA Secrets; Discovering IP Addresses; Compensating for Time Zone Offsets; Determining the Startup Locations; The Bottom Line; Chapter 10: Introduction to Malware.
  • Understanding the Purpose of Malware Analysis; Malware Analysis Tools and Techniques; The Bottom Line; Part 3: Analyzing the Logs; Chapter 11: Text-Based Logs; Parsing IIS Logs; Parsing FTP Logs; Parsing DHCP Server Logs; Parsing Windows Firewall Logs; Using Splunk; The Bottom Line; Chapter 12: Windows Event Logs; Understanding the Event Logs; Using Event Viewer; Searching with Event Viewer; The Bottom Line; Chapter 13: Logon and Account Logon Events; Begin at the Beginning; The Bottom Line; Chapter 14: Other Audit Events; The Exploitation of a Network; Examining System Log Entries; Examining Application Log Entries.