
Practical Windows Forensics.

Over the last few years, the wave of the cybercrime has risen rapidly. We witnessed many major attacks on the governmental, military, financial, and media sectors. Tracking all these attacks and crimes requires a deep understanding of operating system operations, how to extract evidential data from...


Bibliographic Details
Classification: Electronic book
Main author: Shaaban, Ayman
Format: Electronic eBook
Language: English
Published: Packt Publishing, 2016.
Edition: 1.
Subjects:
Online access: Full text

MARC

LEADER 00000cam a22000007a 4500
001 EBOOKCENTRAL_ocn953234226
003 OCoLC
005 20240329122006.0
006 m o d
007 cr |n|||||||||
008 160708s2016 xx o 000 0 eng d
040 |a IDEBK  |b eng  |e pn  |c IDEBK  |d YDXCP  |d OCLCQ  |d COO  |d FEM  |d EBLCP  |d MERUC  |d OCLCQ  |d DEBBG  |d OCLCQ  |d LVT  |d OCLCF  |d OCLCO  |d OCLCQ  |d OCLCO  |d OCLCQ  |d OCLCO  |d K6U  |d OCLCQ  |d OCLCO 
019 |a 953054099  |a 963270707  |a 968072618  |a 969053397 
020 |a 178355410X  |q (ebk) 
020 |a 9781783554102  |q (ebk) 
020 |a 1783554096 
020 |a 9781783554096 
020 |z 1783554096 
020 |z 9781783554096 
024 3 |a 9781783554096 
029 1 |a AU@  |b 000063687705 
035 |a (OCoLC)953234226  |z (OCoLC)953054099  |z (OCoLC)963270707  |z (OCoLC)968072618  |z (OCoLC)969053397 
037 |a 936992  |b MIL 
050 4 |a T55.4-60.8 
082 0 4 |a 005.8 
049 |a UAMI 
100 1 |a Shaaban, Ayman. 
245 1 0 |a Practical Windows Forensics. 
250 |a 1. 
260 |b Packt Publishing,  |c 2016. 
300 |a 1 online resource (322) 
336 |a text  |b txt  |2 rdacontent 
337 |a computer  |b c  |2 rdamedia 
338 |a online resource  |b cr  |2 rdacarrier 
347 |a text file 
588 0 |a Print version record. 
520 8 |a Over the last few years, the wave of the cybercrime has risen rapidly. We witnessed many major attacks on the governmental, military, financial, and media sectors. Tracking all these attacks and crimes requires a deep understanding of operating system operations, how to extract evidential data from digital evidence, and the best usage of the digital forensic tools and techniques. Here's where Linux comes in. There's a special Linux emulation environment in Windows that allows us be come on par with and experience Linux-like features. Regardless of your level of experience in the field of information security in general, Linux for Digital Forensics will fully introduce you to digital forensics. It will provide you with the knowledge needed to assemble different types of evidence properly, and walk you through various stages of the analysis process. We start by discussing the principles of the digital forensics process and move on to learning about the approaches that are used to conduct analysis. We will then study various tools to perform live analysis, and go through different techniques to analyze volatile and non-volatile data. This will be followed by recovering data from hard drives and grasping how to use multiple tools to perform registry and system log analyses. Next, you will be taught to analyze browsers and e-mails as they are crucial aspects of investigations. We will then go on to extract data from a computer's memory and investigate network traffic, which is another important checkpoint. Lastly, you will learn a few ways in which you can present data because every investigator needs a work station where they can analyze forensic data. 
505 0 |a Cover; Copyright; Credits; About the Authors; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: The Foundations and Principles of Digital Forensics; What is digital crime?; Digital forensics; Digital evidence; Digital forensic goals; Analysis approaches; Summary; Chapter 2: Incident Response and Live Analysis; Personal skills; Written communication; Oral communication; Presentation skills; Diplomacy; The ability to follow policies and procedures; Team skills; Integrity; Knowing one's limits; Coping with stress; Problem solving; Time management; Technical skills. 
505 8 |a Security fundamentalsSecurity principles; Security vulnerabilities and weaknesses; The Internet; Risks; Network protocols; Network applications and services; Network security issues; Host or system security issues; Malicious code; Programming skills; Incident handling skills; The hardware for IR and Jump Bag; Software; Live versus mortem; Volatile data; Nonvolatile data; Registry data; Remote live response; Summary; Chapter 3: Volatile Data Collection; Memory acquisition; Issues related to memory access; Choosing a tool; DumpIt; FTK Imager; Acquiring memory from a remote computer using iSCSI. 
505 8 |a Using the Sleuth KitNetwork-based data collection; Hubs; Switches; Tcpdump; Wireshark; Tshark; Dumpcap; Summary; Chapter 4: Nonvolatile Data Acquisition; Forensic image; Incident Response CDs; DEFT; Helix; Live imaging of a hard drive; FTK imager in live hard drive acquisition; Imaging over the network with FTK imager; Incident response CDs in live acquisition; Linux for the imaging of a hard drive; The dd tool; dd over the network; Virtualization in data acquisition; Evidence integrity (the hash function); Disk wiping in Linux; Summary; Chapter 5: Timeline; Timeline introduction. 
505 8 |a The Sleuth KitSuper timeline -- Plaso; Plaso architecture; Preprocessing; Collection; Worker; Storage; Plaso in practice; Analyzing the results; Summary; Chapter 6: Filesystem Analysis and Data Recovery; Hard drive structure; Master boot record; Partition boot sector; The filesystem area in partition; Data area; The FAT filesystem; FAT components; FAT limitations; The NTFS filesystem; NTFS components; Master File Table (MFT); The Sleuth Kit (TSK); Volume layer (media management); Filesystem layer; The metadata layer; istat; icat; ifind; The filename layer; Data unit layer (Block); blkcat. 
505 8 |a BlklsBlkcalc; Autopsy; Foremost; Summary; Chapter 7: Registry Analysis; The registry structure; Root keys; HKEY_CLASSES_ROOT or HKCR; HKEY_LOCAL_MACHINE; HKEY_USERS or HKU; HKEY_CURRENT_USER or HKCU; Mapping a hive to the filesystem; Backing up the registry files; Extracting registry hives; Extracting registry files from a live system; Extracting registry files from a forensic image; Parsing registry files; The base block; Hbin and CELL; Auto-run keys; Registry analysis; RegistryRipper; Sysinternals; MiTeC Windows registry recovery; Summary; Chapter 8: Event Log Analysis. 
505 8 |a Event Logs -- an introduction. 
590 |a ProQuest Ebook Central  |b Ebook Central Academic Complete 
650 0 |a Computer crimes  |x Investigation. 
650 6 |a Criminalité informatique  |x Enquêtes. 
650 7 |a Computer crimes  |x Investigation  |2 fast 
776 0 8 |i Print version:  |a Shaaban, Ayman.  |t Practical Windows Forensics.  |b 1.  |d Packt Publishing, 2016  |z 1783554096  |z 9781783554096  |w (OCoLC)948336626 
856 4 0 |u https://ebookcentral.uam.elogim.com/lib/uam-ebooks/detail.action?docID=4594307  |z Texto completo 
936 |a BATCHLOAD 
938 |a ProQuest Ebook Central  |b EBLB  |n EBL4594307 
938 |a ProQuest MyiLibrary Digital eBook Collection  |b IDEB  |n cis34515024 
938 |a YBP Library Services  |b YANK  |n 13057677 
994 |a 92  |b IZTAP