
Windows forensic analysis toolkit : advanced analysis techniques for Windows 8 /

Bibliographic Details
Classification: Electronic Book
Main Author: Carvey, Harlan A. (Author)
Format: Electronic eBook
Language: English
Published: Rockland : Syngress, 2014.
Edition: Fourth edition.
Subjects:
Online Access: Full text

MARC

LEADER 00000cam a2200000 i 4500
001 SCIDIR_ocn874017518
003 OCoLC
005 20231120111534.0
006 m o d
007 cr cnu---unuuu
008 140320s2014 nyua ob 001 0 eng d
040 |a OPELS  |b eng  |e rda  |e pn  |c OPELS  |d E7B  |d UMI  |d OCLCO  |d DEBBG  |d DEBSZ  |d YDXCP  |d VLB  |d RIV  |d COO  |d OCLCQ  |d YDX  |d LIV  |d OCLCQ  |d OCLCO  |d OCLCA  |d OCLCQ  |d OCLCF  |d VVB  |d U3W  |d D6H  |d CEF  |d INT  |d OTZ  |d OCLCA  |d OCLCQ  |d AUD  |d AU@  |d OCLCQ  |d OCLCO  |d OCLCQ 
019 |a 880898386  |a 966353441  |a 993682488  |a 1018193036  |a 1304986380 
020 |a 9780124171749 
020 |a 0124171745 
020 |z 9780124171572 
020 |z 0124171575 
035 |a (OCoLC)874017518  |z (OCoLC)880898386  |z (OCoLC)966353441  |z (OCoLC)993682488  |z (OCoLC)1018193036  |z (OCoLC)1304986380 
050 4 |a HV8079.C65  |b C3726 2014eb 
082 0 4 |a 363.25968  |2 23 
100 1 |a Carvey, Harlan A.,  |e author. 
245 1 0 |a Windows forensic analysis toolkit :  |b advanced analysis techniques for Windows 8 /  |c Harlan Carvey. 
250 |a Fourth edition. 
264 1 |a Rockland :  |b Syngress,  |c 2014. 
300 |a 1 online resource 
336 |a text  |b txt  |2 rdacontent 
337 |a computer  |b c  |2 rdamedia 
338 |a online resource  |b cr  |2 rdacarrier 
520 |a Harlan Carvey has updated Windows Forensic Analysis Toolkit, now in its fourth edition, to cover Windows 8 systems. The primary focus of this edition is on analyzing Windows 8 systems and processes using free and open-source tools. The book covers live response, file analysis, malware detection, timeline, and much more. Harlan Carvey presents real-life experiences from the trenches, making the material realistic and showing the why behind the how. The companion and toolkit materials are hosted online. This material consists of electronic printable checklists, cheat sheets, free custom tools, and walk-through demos. This edition complements Windows Forensic Analysis Toolkit, Second Edition, which focuses primarily on XP, and Windows Forensic Analysis Toolkit, Third Edition, which focuses primarily on Windows 7. This new fourth edition provides expanded coverage of many topics beyond Windows 8 as well, including new cradle-to-grave case examples, USB device analysis, hacking and intrusion cases, and "how would I do this" from Harlan's personal case files and questions he has received from readers. The fourth edition also includes an all-new chapter on reporting. Complete coverage and examples of Windows 8 systems Contains lessons from the field, case studies, and war stories Companion online toolkit material, including electronic printable checklists, cheat sheets, custom tools, and walk-throughs. 
588 0 |a Print version record. 
504 |a Includes bibliographical references and index. 
505 0 |a Front Cover; Windows Forensic Analysis Toolkit; Copyright Page; Contents; Preface; Intended Audience; Organization of This Book; DVD Contents; Acknowledgments; About the Author; About the Technical Editor; 1 Analysis Concepts; Introduction; Analysis concepts; Windows versions; Analysis principles; Goals; Tools versus processes; The tool validation myth-odology; Locard's exchange principle; Avoiding speculation; Direct and indirect artifacts; Least frequency of occurrence; Documentation; Convergence; Virtualization; Setting up an analysis system; Summary; 2 Incident Preparation; Introduction. 
505 8 |a Being prepared to respond; Questions; The importance of preparation; Logs; Data collection; Training; Business models; Summary; 3 Volume Shadow Copies; Introduction; What are "volume shadow copies"?; Registry keys; Live systems; ProDiscover; F-Response; Acquired images; VHD method; VMWare method; Automating VSC access; ProDiscover; Windows 8; Summary; Reference; 4 File Analysis; Introduction; MFT; File system tunneling; TriForce; Event logs; Windows Event Log; Recycle bin; Prefetch files; Scheduled tasks; Jump lists; Hibernation files; Application files; Antivirus logs; Skype; Apple products. 
505 8 |a Image files; Summary; References; 5 Registry Analysis; Introduction; Registry analysis; Registry nomenclature; The registry as a log file; USB device analysis; System hive; Services; Bluetooth; Software hive; Application analysis; NetworkList; NetworkCards; Scheduled tasks; User hives; WordWheelQuery; Shellbags; MenuOrder; MUICache; UserAssist; Photos; Virtual PC; TypedPaths; Additional sources; RegIdleBackup; Volume shadow copies; Virtualization; Memory; Tools; Summary; References; 6 Malware Detection; Introduction; Malware Characteristics; Initial infection vector; Propagation mechanism. 
505 8 |a Persistence mechanism; Artifacts; Detecting Malware; Log analysis; Dr. Watson logs; AV scans; AV write ups; Digging deeper; Packed files; Digital signatures; Windows File Protection; Alternate data streams; PE file compile times; Master boot record infectors; Registry analysis; Internet activity; Additional detection mechanisms; Seeded sites; Summary; References; 7 Timeline Analysis; Introduction; Timelines; Data sources; Time formats; Concepts; Benefits; Format; Time; Source; System; User; Description; TLN format; Creating Timelines; File system metadata; Event logs; Windows XP; Windows 7. 
505 8 |a Prefetch files; Registry data; Additional sources; Parsing events into a timeline; Thoughts on visualization; Case Study; Summary; 8 Correlating Artifacts; Introduction; How-Tos; Correlating Windows shortcuts to USB devices; Demonstrate user access to files; IE browser analysis; Detecting system time change; Who ran defrag?; Determine data exfiltration; Finding something "new"; Summary; 9 Reporting; Introduction; Goals; Incident triage; Case Notes; Documenting your analysis; Reporting; Format; Executive summary; Body; Background; Analysis; Conclusions; Writing tips; Peer review; Summary; Index. 
630 0 0 |a Microsoft Windows (Computer file) 
650 0 |a Computer crimes  |x Investigation  |x Methodology. 
650 0 |a Computer networks  |x Security measures. 
650 0 |a Internet  |x Security measures. 
650 0 |a Computer security. 
650 6 |a Criminalité informatique  |0 (CaQQLa)201-0278229  |x Enquêtes  |0 (CaQQLa)201-0278229  |x Méthodologie.  |0 (CaQQLa)201-0379663 
650 6 |a Réseaux d'ordinateurs  |x Sécurité  |x Mesures.  |0 (CaQQLa)201-0263812 
650 6 |a Internet  |x Sécurité  |x Mesures.  |0 (CaQQLa)201-0460601 
650 6 |a Sécurité informatique.  |0 (CaQQLa)201-0061152 
630 0 7 |a Microsoft Windows (Computer file)  |2 fast  |0 (OCoLC)fst01367862 
650 7 |a Computer networks  |x Security measures.  |2 fast  |0 (OCoLC)fst00872341 
650 7 |a Computer security.  |2 fast  |0 (OCoLC)fst00872484 
650 7 |a Internet  |x Security measures.  |2 fast  |0 (OCoLC)fst01751426 
776 0 8 |i Print version:  |a Carvey, Harlan A.  |t Windows forensic analysis toolkit.  |b Fourth edition  |z 9780124171572  |w (OCoLC)872701493 
856 4 0 |u https://sciencedirect.uam.elogim.com/science/book/9780124171572  |z Texto completo