Practical Windows Forensics.
Over the last few years, the wave of cybercrime has risen rapidly. We have witnessed many major attacks on the governmental, military, financial, and media sectors. Tracking all these attacks and crimes requires a deep understanding of operating system operations, how to extract evidential data from...
| Classification: | E-book |
|---|---|
| Main author: | |
| Format: | Electronic eBook |
| Language: | English |
| Published: | Packt Publishing, 2016. |
| Edition: | 1. |
| Subjects: | |
| Online access: | Full text |

Table of Contents:
- Cover; Copyright; Credits; About the Authors; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: The Foundations and Principles of Digital Forensics; What is digital crime?; Digital forensics; Digital evidence; Digital forensic goals; Analysis approaches; Summary; Chapter 2: Incident Response and Live Analysis; Personal skills; Written communication; Oral communication; Presentation skills; Diplomacy; The ability to follow policies and procedures; Team skills; Integrity; Knowing one's limits; Coping with stress; Problem solving; Time management; Technical skills.
- Security fundamentals; Security principles; Security vulnerabilities and weaknesses; The Internet; Risks; Network protocols; Network applications and services; Network security issues; Host or system security issues; Malicious code; Programming skills; Incident handling skills; The hardware for IR and Jump Bag; Software; Live versus mortem; Volatile data; Nonvolatile data; Registry data; Remote live response; Summary; Chapter 3: Volatile Data Collection; Memory acquisition; Issues related to memory access; Choosing a tool; DumpIt; FTK Imager; Acquiring memory from a remote computer using iSCSI.
- Using the Sleuth Kit; Network-based data collection; Hubs; Switches; Tcpdump; Wireshark; Tshark; Dumpcap; Summary; Chapter 4: Nonvolatile Data Acquisition; Forensic image; Incident Response CDs; DEFT; Helix; Live imaging of a hard drive; FTK Imager in live hard drive acquisition; Imaging over the network with FTK Imager; Incident response CDs in live acquisition; Linux for the imaging of a hard drive; The dd tool; dd over the network; Virtualization in data acquisition; Evidence integrity (the hash function); Disk wiping in Linux; Summary; Chapter 5: Timeline; Timeline introduction.
- The Sleuth Kit; Super timeline; Plaso; Plaso architecture; Preprocessing; Collection; Worker; Storage; Plaso in practice; Analyzing the results; Summary; Chapter 6: Filesystem Analysis and Data Recovery; Hard drive structure; Master boot record; Partition boot sector; The filesystem area in partition; Data area; The FAT filesystem; FAT components; FAT limitations; The NTFS filesystem; NTFS components; Master File Table (MFT); The Sleuth Kit (TSK); Volume layer (media management); Filesystem layer; The metadata layer; istat; icat; ifind; The filename layer; Data unit layer (Block); blkcat.
- Blkls; Blkcalc; Autopsy; Foremost; Summary; Chapter 7: Registry Analysis; The registry structure; Root keys; HKEY_CLASSES_ROOT or HKCR; HKEY_LOCAL_MACHINE; HKEY_USERS or HKU; HKEY_CURRENT_USER or HKCU; Mapping a hive to the filesystem; Backing up the registry files; Extracting registry hives; Extracting registry files from a live system; Extracting registry files from a forensic image; Parsing registry files; The base block; Hbin and CELL; Auto-run keys; Registry analysis; RegistryRipper; Sysinternals; MiTeC Windows registry recovery; Summary; Chapter 8: Event Log Analysis.
- Event Logs - an introduction.