Mastering Windows Network Forensics and Investigation and over one million other books are available for Amazon Kindle. Learn more
CDN$ 63.25
  • List Price: CDN$ 71.99
  • You Save: CDN$ 8.74 (12%)
Only 2 left in stock (more on the way).
Ships from and sold by
Gift-wrap available.
Mastering Windows Network... has been added to your Cart
Have one to sell?
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See all 2 images

Mastering Windows Network Forensics and Investigation Paperback – Jun 26 2012

See all 2 formats and editions Hide other formats and editions
Amazon Price New from Used from
Kindle Edition
"Please retry"
"Please retry"
CDN$ 63.25
CDN$ 26.39 CDN$ 33.26

Product Details

Product Description

From the Back Cover

Learn How to Conduct a Complete Computer Forensic Investigation

This professional guide teaches law enforcement personnel, prosecutors, and corporate investigators how to investigate crimes involving Windows computers and Windows networks. A top team of forensic experts details how and why Windows networks are targeted, shows you how to analyze computers and computer logs, explains chain of custody, and covers such tricky topics as how to gather accurate testimony from employees in politically charged corporate settings.

From recognizing high-tech criminal activity to presenting evidence in a way that juries and judges understand, this book thoroughly covers the range of skills, standards, and step-by-step procedures you need to conduct a criminal investigation in a Windows environment and make your evidence stand up in court.

Coverage includes:

  • Responding to a reported computer intrusion
  • Understanding how attackers exploit Windows networks
  • Deciphering Windows ports, services, file systems, and the registry
  • Examining suspects' computers and entire networks
  • Analyzing event logs and data using live analysis techniques
  • Exploring new complexities from cloud computing and virtualization

Investigate Computer Crimes in Windows Environments

Fully Updated for Windows Server 2008 and Windows 7

Discover How to Locate and Analyze an Attacker's Tools

Learn Detailed Windows Event Log Analysis

About the Author

Steve Anson, CISSP, EnCE, is the cofounder of Forward Discovery. He has previously served as a police officer, FBI High Tech Crimes Task Force agent, Special Agent with the U.S. DoD, and an instructor with the U.S. State Department Antiterrorism Assistance Program (ATA). He has trained hundreds of law enforcement officers around the world in techniques of digital forensics and investigation. Steve Bunting, EnCE, CCFT, has over 35 years of experience in law enforcement, and his background in computer forensics is extensive. He has conducted computer forensic examinations for numerous local, state, and federal agencies on a variety of cases, as well as testified in court as a computer forensics expert. He has taught computer forensics courses for Guidance Software and is currently a Senior Forensic Consultant with Forward Discovery. Ryan Johnson, DFCP, CFCE, EnCE, SCERS, is a Senior Forensic Consultant with Forward Discovery. He was a digital forensics examiner for the Durham, NC, police and a Media Exploitation Analyst with the U.S. Army. He is an instructor and developer with the ATA. Scott Pearson has trained law enforcement entities, military personnel, and network/system administrators in more than 20 countries for the ATA. He is also a certifying Instructor on the Cellebrite UFED Logical and Physical Analyzer Mobile Device Forensics tool and has served as an instructor for the DoD Computer Investigations Training Academy.

What Other Items Do Customers Buy After Viewing This Item?

Customer Reviews

There are no customer reviews yet on
5 star
4 star
3 star
2 star
1 star

Most Helpful Customer Reviews on (beta) 5 reviews
14 of 14 people found the following review helpful
Great overview of incident response forensics July 24 2012
By Chad Tilbury - Published on
Format: Paperback
Mastering Windows Network Forensics and Investigations fills an interesting niche not well addressed in the pantheon of digital forensics resources. The material is well suited for beginning and intermediate forensic examiners looking to better understand network artifacts and go beyond single-system forensics. I highly recommend it for system administrators looking for a different perspective on network security or those interested in designing networks to be forensics-friendly. That said, the topics covered do not fit within the classical definition of network forensics. A more apt title might be Mastering Incident Response Forensics and Investigations.

This is the first book I have read in the Sybex Mastering series, and I was impressed with the writing, research, and editing. The authors blended dense material with relevant examples and insightful and engaging text boxes.

Some highlights:

- The event log coverage was excellent; a difficult and prosaic topic was explained in simple terms and with just the right amount of depth. One of my favorite sections included the recovery of event log fragments from free space.

- The chapters on the Windows registry were excellent and had space for rarely talked about advanced concepts like volatile hives, registry redirection and reflection, and registry virtualization.

- The investigative uses of XP Restore Points and Windows 7 Shadow Volumes tied in nicely with other topics.

- The new chapter on virtualization and cloud forensics is a good addition. Live response and data acquisition in virtualized environments like VMWare ESX was covered, and an intelligent discussion on how to prepare for collecting cloud data was started.

In this second edition (released in June 2012), it is obvious the authors took pains to include the most current information available. Windows 7, Server 2008R2, and their associated artifacts are discussed extensively. Guidance Software's EnCase v7 and Volatility 2.0 are both introduced. There are even references to computer crime cases occurring in 2012.

(This is an excerpt from my full review at
3 of 3 people found the following review helpful
Don't let the name fool you. This one has much more to offer than the name might imply. Nov. 22 2012
By John Sammons - Published on
Format: Paperback Verified Purchase
One of my new favorite forensic books. I strongly recommend this book for Windows forensics in general, not just for networks. Great explanations of various Windows artifacts, file systems, and much more. The network related topics are covered equally as well. The book is very well written in a way that is both understandable and engaging. This book can work for experts and those starting out as well. An excellent addition to anyone's forensic library.
Do not get the Kindle version!!! Jan. 27 2015
By Jeepers - Published on
Format: Kindle Edition Verified Purchase
I'm still trying to figure out how you create a Kindle book that has no page numbers. This is a required textbook for one of my classes and it is impossible to try to "turn to page" making it difficult to try to follow along with the lecture. There is no rhyme or reason for this "location nonsense". Had I known that there were no page numbers in the Kindle book I would have just rented the actual book. I can't even make proper notes to go back and review certain pages. A book is a book and they should all have page numbers!
Four Stars July 28 2014
By Afreed - Published on
Format: Paperback Verified Purchase
Good book, Needed it for class. Very informative and detailed on the aspects of Windows investigations
Five Stars Dec 27 2014
By Don K - Published on
Format: Kindle Edition Verified Purchase
Great book!