
Practical Windows forensics : leverage the power of digital forensics for Windows systems /


Bibliographic Details
Classification: Electronic book
Main authors: Shaaban, Ayman (Author), Sapronov, Konstantin (Author)
Format: Electronic eBook
Language: English
Published: Birmingham, UK : Packt Publishing, 2016.
Series: Community experience distilled.
Subjects:
Online access: Full text

MARC

LEADER 00000cam a2200000Ii 4500
001 EBSCO_ocn953694634
003 OCoLC
005 20231017213018.0
006 m o d
007 cr unu||||||||
008 160718s2016 enka o 000 0 eng d
040 |a UMI  |b eng  |e rda  |e pn  |c UMI  |d OCLCF  |d KSU  |d DEBBG  |d DEBSZ  |d OCLCA  |d CEF  |d N$T  |d OCLCA  |d AGLDB  |d IGB  |d STF  |d YDXIT  |d OCLCO  |d OCLCQ  |d QGK  |d OCLCO 
019 |a 1259272339 
020 |a 9781783554102  |q (electronic bk.) 
020 |a 178355410X  |q (electronic bk.) 
020 |z 9781783554096 
020 |z 1783554096 
029 1 |a DEBBG  |b BV043969780 
029 1 |a DEBSZ  |b 485803089 
029 1 |a GBVCP  |b 882757806 
035 |a (OCoLC)953694634  |z (OCoLC)1259272339 
037 |a CL0500000763  |b Safari Books Online 
050 4 |a HV8079.C65  |b S53 2016 
072 7 |a COM  |x 043050  |2 bisacsh 
082 0 4 |a 005.8  |2 23 
049 |a UAMI 
100 1 |a Shaaban, Ayman,  |e author. 
245 1 0 |a Practical Windows forensics :  |b leverage the power of digital forensics for Windows systems /  |c Ayman Shaaban, Konstantin Sapronov. 
264 1 |a Birmingham, UK :  |b Packt Publishing,  |c 2016. 
300 |a 1 online resource (314 pages) :  |b illustrations. 
336 |a text  |b txt  |2 rdacontent 
337 |a computer  |b c  |2 rdamedia 
338 |a online resource  |b cr  |2 rdacarrier 
347 |a text file 
490 1 |a Community experience distilled 
505 0 |a Cover -- Copyright -- Credits -- About the Authors -- About the Reviewers -- www.PacktPub.com -- Table of Contents -- Preface -- Chapter 1: The Foundations and Principles of Digital Forensics -- What is digital crime? -- Digital forensics -- Digital evidence -- Digital forensic goals -- Analysis approaches -- Summary -- Chapter 2: Incident Response and Live Analysis -- Personal skills -- Written communication -- Oral communication -- Presentation skills -- Diplomacy -- The ability to follow policies and procedures -- Team skills -- Integrity -- Knowing one's limits -- Coping with stress -- Problem solving -- Time management -- Technical skills -- Security fundamentals -- Security principles -- Security vulnerabilities and weaknesses -- The Internet -- Risks -- Network protocols -- Network applications and services -- Network security issues -- Host or system security issues -- Malicious code -- Programming skills -- Incident handling skills -- The hardware for IR and Jump Bag -- Software -- Live versus mortem -- Volatile data -- Nonvolatile data -- Registry data -- Remote live response -- Summary -- Chapter 3: Volatile Data Collection -- Memory acquisition -- Issues related to memory access -- Choosing a tool -- DumpIt -- FTK Imager -- Acquiring memory from a remote computer using iSCSI -- Using the Sleuth Kit -- Network-based data collection -- Hubs -- Switches -- Tcpdump -- Wireshark -- Tshark -- Dumpcap -- Summary -- Chapter 4: Nonvolatile Data Acquisition -- Forensic image -- Incident Response CDs -- DEFT -- Helix -- Live imaging of a hard drive -- FTK imager in live hard drive acquisition -- Imaging over the network with FTK imager -- Incident response CDs in live acquisition -- Linux for the imaging of a hard drive -- The dd tool -- dd over the network -- Virtualization in data acquisition -- Evidence integrity (the hash function). 
505 8 |a Disk wiping in Linux -- Summary -- Chapter 5: Timeline -- Timeline introduction -- The Sleuth Kit -- Super timeline -- Plaso -- Plaso architecture -- Preprocessing -- Collection -- Worker -- Storage -- Plaso in practice -- Analyzing the results -- Summary -- Chapter 6: Filesystem Analysis and Data Recovery -- Hard drive structure -- Master boot record -- Partition boot sector -- The filesystem area in partition -- Data area -- The FAT filesystem -- FAT components -- FAT limitations -- The NTFS filesystem -- NTFS components -- Master File Table (MFT) -- The Sleuth Kit (TSK) -- Volume layer (media management) -- Filesystem layer -- The metadata layer -- istat -- icat -- ifind -- The filename layer -- Data unit layer (Block) -- blkcat -- blkls -- Blkcalc -- Autopsy -- Foremost -- Summary -- Chapter 7: Registry Analysis -- The registry structure -- Root keys -- HKEY_CLASSES_ROOT or HKCR -- HKEY_LOCAL_MACHINE -- HKEY_USERS or HKU -- HKEY_CURRENT_USER or HKCU -- Mapping a hive to the filesystem -- Backing up the registry files -- Extracting registry hives -- Extracting registry files from a live system -- Extracting registry files from a forensic image -- Parsing registry files -- The base block -- Hbin and CELL -- Auto-run keys -- Registry analysis -- RegistryRipper -- Sysinternals -- MiTeC Windows registry recovery -- Summary -- Chapter 8: Event Log Analysis -- Event Logs -- an introduction -- Event Logs system -- Security Event Logs -- Extracting Event Logs -- Live systems -- Offline system -- Event Viewer -- Event Log Explorer -- Useful resources -- Analyzing the event log -- an example -- Summary -- Chapter 9: Windows Files -- Windows prefetch files -- Prefetch file analysis -- Windows tasks -- Windows Thumbs DB -- Thumbcache analysis -- Corrupted Windows.edb files -- Windows RecycleBin -- RECYCLER -- Recycle.bin -- Windows shortcut files. 
505 8 |a Shortcut analysis -- Summary -- Chapter 10: Browser and E-mail Investigation -- Browser investigation -- Microsoft Internet Explorer -- History files -- History.IE5 -- IEHistoryView -- BrowsingHistoryView -- MiTeC Internet History browser -- Cache -- Content.IE5 -- IECacheView -- Msiecf parser (Plaso framework) -- Cookies -- IECookiesView -- Favorites -- FavoritesView -- Session restore -- MiTeC SSV -- Inprivate mode -- WebCacheV#.dat -- ESEDatabaseView -- Firefox -- Places.sqlite -- MozillaHistoryView -- Cookies.sqlite -- MozillaCookiesView -- Cache -- MozillaCacheView -- Other browsers -- E-mail investigation -- Outlook PST file -- Outlook OST files -- EML and MSG files -- DBX (Outlook Express) -- PFF Analysis (libpff) -- Other tools -- Summary -- Chapter 11: Memory Forensics -- Memory structure -- Memory acquisition -- The sources of memory dump -- Hibernation file -- Crash dump -- Page files -- Processes in memory -- Network connections in memory -- The DLL injection -- Remote DLL injection -- Remote code injection -- Reflective DLL injection -- API hooking -- Memory analysis -- The volatility framework -- Volatility plugins -- imagecopy -- raw2dmp -- imageprofile -- pslist -- psscan -- pstree -- psxview -- getsids -- dlllist -- handles -- filescan -- procexedump -- memdump -- svcscan -- connections -- connscan -- sockets -- sockscan -- Netscan -- hivelist and printkey -- malfind -- vaddump -- apihooks -- mftparser -- Summary -- Chapter 12: Network Forensics -- Network data collection -- Exploring logs -- Using tcpdump -- Using tshark -- Using WireShark -- Fields with more information -- Knowing Bro -- Summary -- Appendix A: Building a Forensic Analysis Environment -- Factors that need to be considered -- Size -- Environment control -- Security -- Software -- Hardware -- Virtualization -- Virtualization benefits for forensics. 
505 8 |a The distributed forensic system -- GRR -- Server installation -- Client installation -- Browsing with the newly-connected client -- Start a new flow -- Appendix B: Case Study -- Introduction -- Scenario -- Acquisition -- Live analysis -- The running processes -- Network activities -- Autorun keys -- Prefetch files -- Browser analysis -- Postmortem analysis -- Memory analysis -- Network analysis -- Timeline analysis -- Summary -- Index. 
520 |a About This Book: Build your own lab environment to analyze forensic data and practice techniques. This book offers meticulous coverage with an example-driven approach and helps you build the key skills of performing forensics on Windows-based systems using digital artifacts. It uses specific open source and Linux-based tools so you can become proficient at analyzing forensic data and upgrade your existing knowledge. Who This Book Is For: This book targets forensic analysts and professionals who would like to develop skills in digital forensic analysis for the Windows platform. You will acquire proficiency, knowledge, and core skills to undertake forensic analysis of digital data. Prior experience of information security and forensic analysis would be helpful. You will gain knowledge and an understanding of performing forensic analysis with tools especially built for the Windows platform. What You Will Learn: Perform live analysis on victim or suspect Windows systems locally or remotely; understand the different natures and acquisition techniques of volatile and non-volatile data; create a timeline of all the system actions to restore the history of an incident; recover and analyze data from FAT and NTFS file systems; make use of various tools to perform registry analysis; track a system user's browser and e-mail activities to prove or refute some hypotheses; get to know how to dump and analyze computer memory. In Detail: Practical Windows Forensics starts by discussing the principles of the digital forensics process and moves on to show you the approaches used in conducting analysis. We will then study various tools to perform live analysis, and go through different techniques to analyze volatile and non-volatile data. Tracking attacks and crimes requires a deep understanding of operating system operations, how to extract evidential data from digital evidence, and the 
520 8 |a best usage of the digital forensic tools and techniques. Regardless of your level of experience in the field of information security in general, this book will fully introduce you to digital forensics. It will provide you with the knowledge needed to assemble different types of evidence effectively, and walk you through the various stages of the analysis process. 
588 |a Description based on online resource; title from cover page (Safari, viewed July 13, 2016). 
590 |a eBooks on EBSCOhost  |b EBSCO eBook Subscription Academic Collection - Worldwide 
590 |a O'Reilly  |b O'Reilly Online Learning: Academic/Public Library Edition 
630 0 0 |a Microsoft Windows (Computer file) 
630 0 7 |a Microsoft Windows (Computer file)  |2 fast 
650 0 |a Computer crimes  |x Investigation. 
650 0 |a Computer networks  |x Security measures. 
650 0 |a Computer security. 
650 2 |a Computer Security 
650 6 |a Criminalité informatique  |x Enquêtes. 
650 6 |a Réseaux d'ordinateurs  |x Sécurité  |x Mesures. 
650 6 |a Sécurité informatique. 
650 7 |a COMPUTERS / Security / Networking.  |2 bisacsh 
650 7 |a Computer crimes  |x Investigation  |2 fast 
650 7 |a Computer networks  |x Security measures  |2 fast 
650 7 |a Computer security  |2 fast 
700 1 |a Sapronov, Konstantin,  |e author. 
776 0 8 |i Print version:  |a Shaaban, Ayman  |t Practical Windows Forensics  |d Birmingham : Packt Publishing, Limited,c2016. 
830 0 |a Community experience distilled. 
856 4 0 |u https://ebsco.uam.elogim.com/login.aspx?direct=true&scope=site&db=nlebk&AN=1261877  |z Full text 
856 4 0 |u https://learning.oreilly.com/library/view/~/9781783554096/?ar  |z Full text 
938 |a EBSCOhost  |b EBSC  |n 1261877 
994 |a 92  |b IZTAP