Practical Windows forensics : leverage the power of digital forensics for Windows systems /
About This BookBuild your own lab environment to analyze forensic data and practice techniques.This book offers meticulous coverage with an example-driven approach and helps you build the key skills of performing forensics on Windows-based systems using digital artifacts.It uses specific open source...
Clasificación: | Libro Electrónico |
---|---|
Autores principales: | , |
Formato: | Electrónico eBook |
Idioma: | Inglés |
Publicado: |
Birmingham, UK :
Packt Publishing,
2016.
|
Colección: | Community experience distilled.
|
Temas: | |
Acceso en línea: | Texto completo Texto completo |
MARC
LEADER | 00000cam a2200000Ii 4500 | ||
---|---|---|---|
001 | EBSCO_ocn953694634 | ||
003 | OCoLC | ||
005 | 20231017213018.0 | ||
006 | m o d | ||
007 | cr unu|||||||| | ||
008 | 160718s2016 enka o 000 0 eng d | ||
040 | |a UMI |b eng |e rda |e pn |c UMI |d OCLCF |d KSU |d DEBBG |d DEBSZ |d OCLCA |d CEF |d N$T |d OCLCA |d AGLDB |d IGB |d STF |d YDXIT |d OCLCO |d OCLCQ |d QGK |d OCLCO | ||
019 | |a 1259272339 | ||
020 | |a 9781783554102 |q (electronic bk.) | ||
020 | |a 178355410X |q (electronic bk.) | ||
020 | |z 9781783554096 | ||
020 | |z 1783554096 | ||
029 | 1 | |a DEBBG |b BV043969780 | |
029 | 1 | |a DEBSZ |b 485803089 | |
029 | 1 | |a GBVCP |b 882757806 | |
035 | |a (OCoLC)953694634 |z (OCoLC)1259272339 | ||
037 | |a CL0500000763 |b Safari Books Online | ||
050 | 4 | |a HV8079.C65 |b S53 2016 | |
072 | 7 | |a COM |x 043050 |2 bisacsh | |
082 | 0 | 4 | |a 005.8 |2 23 |
049 | |a UAMI | ||
100 | 1 | |a Shaaban, Ayman, |e author. | |
245 | 1 | 0 | |a Practical Windows forensics : |b leverage the power of digital forensics for Windows systems / |c Ayman Shaaban, Konstantin Sapronov. |
264 | 1 | |a Birmingham, UK : |b Packt Publishing, |c 2016. | |
300 | |a 1 online resource (314 pages) : |b illustrations. | ||
336 | |a text |b txt |2 rdacontent | ||
337 | |a computer |b c |2 rdamedia | ||
338 | |a online resource |b cr |2 rdacarrier | ||
347 | |a text file | ||
490 | 1 | |a Community experience distilled | |
505 | 0 | |a Cover -- Copyright -- Credits -- About the Authors -- About the Reviewers -- www.PacktPub.com -- Table of Contents -- Preface -- Chapter 1: The Foundations and Principles of Digital Forensics -- What is digital crime? -- Digital forensics -- Digital evidence -- Digital forensic goals -- Analysis approaches -- Summary -- Chapter 2: Incident Response and Live Analysis -- Personal skills -- Written communication -- Oral communication -- Presentation skills -- Diplomacy -- The ability to follow policies and procedures -- Team skills -- Integrity -- Knowing one's limits -- Coping with stress -- Problem solving -- Time management -- Technical skills -- Security fundamentals -- Security principles -- Security vulnerabilities and weaknesses -- The Internet -- Risks -- Network protocols -- Network applications and services -- Network security issues -- Host or system security issues -- Malicious code -- Programming skills -- Incident handling skills -- The hardware for IR and Jump Bag -- Software -- Live versus mortem -- Volatile data -- Nonvolatile data -- Registry data -- Remote live response -- Summary -- Chapter 3: Volatile Data Collection -- Memory acquisition -- Issues related to memory access -- Choosing a tool -- DumpIt -- FTK Imager -- Acquiring memory from a remote computer using iSCSI -- Using the Sleuth Kit -- Network-based data collection -- Hubs -- Switches -- Tcpdump -- Wireshark -- Tshark -- Dumpcap -- Summary -- Chapter 4: Nonvolatile Data Acquisition -- Forensic image -- Incident Response CDs -- DEFT -- Helix -- Live imaging of a hard drive -- FTK imager in live hard drive acquisition -- Imaging over the network with FTK imager -- Incident response CDs in live acquisition -- Linux for the imaging of a hard drive -- The dd tool -- dd over the network -- Virtualization in data acquisition -- Evidence integrity (the hash function). | |
505 | 8 | |a Disk wiping in Linux -- Summary -- Chapter 5: Timeline -- Timeline introduction -- The Sleuth Kit -- Super timeline -- Plaso -- Plaso architecture -- Preprocessing -- Collection -- Worker -- Storage -- Plaso in practice -- Analyzing the results -- Summary -- Chapter 6: Filesystem Analysis and Data Recovery -- Hard drive structure -- Master boot record -- Partition boot sector -- The filesystem area in partition -- Data area -- The FAT filesystem -- FAT components -- FAT limitations -- The NTFS filesystem -- NTFS components -- Master File Table (MFT) -- The Sleuth Kit (TSK) -- Volume layer (media management) -- Filesystem layer -- The metadata layer -- istat -- icat -- ifind -- The filename layer -- Data unit layer (Block) -- blkcat -- blkls -- Blkcalc -- Autopsy -- Foremost -- Summary -- Chapter 7: Registry Analysis -- The registry structure -- Root keys -- HKEY_CLASSES_ROOT or HKCR -- HKEY_LOCAL_MACHINE -- HKEY_USERS or HKU -- HKEY_CURRENT_USER or HKCU -- Mapping a hive to the filesystem -- Backing up the registry files -- Extracting registry hives -- Extracting registry files from a live system -- Extracting registry files from a forensic image -- Parsing registry files -- The base block -- Hbin and CELL -- Auto-run keys -- Registry analysis -- RegistryRipper -- Sysinternals -- MiTeC Windows registry recovery -- Summary -- Chapter 8: Event Log Analysis -- Event Logs -- an introduction -- Event Logs system -- Security Event Logs -- Extracting Event Logs -- Live systems -- Offline system -- Event Viewer -- Event Log Explorer -- Useful resources -- Analyzing the event log -- an example -- Summary -- Chapter 9: Windows Files -- Windows prefetch files -- Prefetch file analysis -- Windows tasks -- Windows Thumbs DB -- Thumbcache analysis -- Corrupted Windows.edb files -- Windows RecycleBin -- RECYCLER -- Recycle.bin -- Windows shortcut files. | |
505 | 8 | |a Shortcut analysis -- Summary -- Chapter 10: Browser and E-mail Investigation -- Browser investigation -- Microsoft Internet Explorer -- History files -- History.IE5 -- IEHistoryView -- BrowsingHistoryView -- MiTeC Internet History browser -- Cache -- Content.IE5 -- IECacheView -- Msiecf parser (Plaso framework) -- Cookies -- IECookiesView -- Favorites -- FavoritesView -- Session restore -- MiTeC SSV -- Inprivate mode -- WebCacheV#.dat -- ESEDatabaseView -- Firefox -- Places.sqlite -- MozillaHistoryView -- Cookies.sqlite -- MozillaCookiesView -- Cache -- MozillaCacheView -- Other browsers -- E-mail investigation -- Outlook PST file -- Outlook OST files -- EML and MSG files -- DBX (Outlook Express) -- PFF Analysis (libpff) -- Other tools -- Summary -- Chapter 11: Memory Forensics -- Memory structure -- Memory acquisition -- The sources of memory dump -- Hibernation file -- Crash dump -- Page files -- Processes in memory -- Network connections in memory -- The DLL injection -- Remote DLL injection -- Remote code injection -- Reflective DLL injection -- API hooking -- Memory analysis -- The volatility framework -- Volatility plugins -- imagecopy -- raw2dmp -- imageprofile -- pslist -- psscan -- pstree -- psxview -- getsids -- dlllist -- handles -- filescan -- procexedump -- memdump -- svcscan -- connections -- connscan -- sockets -- sockscan -- Netscan -- hivelist and printkey -- malfind -- vaddump -- apihooks -- mftparser -- Summary -- Chapter 12: Network Forensics -- Network data collection -- Exploring logs -- Using tcpdump -- Using tshark -- Using WireShark -- Fields with more information -- Knowing Bro -- Summary -- Appendix A: Building a Forensic Analysis Environment -- Factors that need to be considered -- Size -- Environment control -- Security -- Software -- Hardware -- Virtualization -- Virtualization benefits for forensics. | |
505 | 8 | |a The distributed forensic system -- GRR -- Server installation -- Client installation -- Browsing with the newly-connected client -- Start a new flow -- Appendix B: Case Study -- Introduction -- Scenario -- Acquisition -- Live analysis -- The running processes -- Network activities -- Autorun keys -- Prefetch files -- Browser analysis -- Postmortem analysis -- Memory analysis -- Network analysis -- Timeline analysis -- Summary -- Index. | |
520 | |a About This BookBuild your own lab environment to analyze forensic data and practice techniques.This book offers meticulous coverage with an example-driven approach and helps you build the key skills of performing forensics on Windows-based systems using digital artifacts.It uses specific open source and Linux-based tools so you can become proficient at analyzing forensic data and upgrade your existing knowledge.Who This Book Is For This book targets forensic analysts and professionals who would like to develop skills in digital forensic analysis for the Windows platform. You will acquire proficiency, knowledge, and core skills to undertake forensic analysis of digital data. Prior experience of information security and forensic analysis would be helpful. You will gain knowledge and an understanding of performing forensic analysis with tools especially built for the Windows platform. What You Will LearnPerform live analysis on victim or suspect Windows systems locally or remotelyUnderstand the different natures and acquisition techniques of volatile and non-volatile dataCreate a timeline of all the system actions to restore the history of an incidentRecover and analyze data from FAT and NTFS file systemsMake use of various tools to perform registry analysisTrack a system user's browser and e-mail activities to prove or refute some hypothesesGet to know how to dump and analyze computer memoryIn Detail Practical Windows Forensics starts by discussing the principles of the digital forensics process and move on to show you the approaches used in conducting analysis. We will then study various tools to perform live analysis, and go through different techniques to analyze volatile and non-volatile data. Tracking attacks and crimes requires a deep understanding of operating system operations, how to extract evidential data from digital evidence, and the. | ||
520 | 8 | |a Best usage of the digital forensic tools and techniques. Regardless of your level of experience in the field of information security in general, this book will fully introduce you to digital forensics. It will provide you with the knowledge needed to assemble different types of evidence effectively, and walk you through the various stages of the analysis process. | |
588 | |a Description based on online resource; title from cover page (Safari, viewed July 13, 2016). | ||
590 | |a eBooks on EBSCOhost |b EBSCO eBook Subscription Academic Collection - Worldwide | ||
590 | |a O'Reilly |b O'Reilly Online Learning: Academic/Public Library Edition | ||
630 | 0 | 0 | |a Microsoft Windows (Computer file) |
630 | 0 | 7 | |a Microsoft Windows (Computer file) |2 fast |
650 | 0 | |a Computer crimes |x Investigation. | |
650 | 0 | |a Computer networks |x Security measures. | |
650 | 0 | |a Computer security. | |
650 | 2 | |a Computer Security | |
650 | 6 | |a Criminalité informatique |x Enquêtes. | |
650 | 6 | |a Réseaux d'ordinateurs |x Sécurité |x Mesures. | |
650 | 6 | |a Sécurité informatique. | |
650 | 7 | |a COMPUTERS / Security / Networking. |2 bisacsh | |
650 | 7 | |a Computer crimes |x Investigation |2 fast | |
650 | 7 | |a Computer networks |x Security measures |2 fast | |
650 | 7 | |a Computer security |2 fast | |
700 | 1 | |a Sapronov, Konstantin, |e author. | |
776 | 0 | 8 | |i Print version: |a Shaaban, Ayman |t Practical Windows Forensics |d Birmingham : Packt Publishing, Limited,c2016. |
830 | 0 | |a Community experience distilled. | |
856 | 4 | 0 | |u https://ebsco.uam.elogim.com/login.aspx?direct=true&scope=site&db=nlebk&AN=1261877 |z Texto completo |
856 | 4 | 0 | |u https://learning.oreilly.com/library/view/~/9781783554096/?ar |z Texto completo |
938 | |a EBSCOhost |b EBSC |n 1261877 | ||
994 | |a 92 |b IZTAP |