From the Back Cover
Learn How to Conduct a Complete Computer Forensic Investigation
This professional guide teaches law enforcement personnel, prosecutors, and corporate investigators how to investigate crimes involving Windows computers and Windows networks. A top team of forensic experts details how and why Windows networks are targeted, shows you how to analyze computers and computer logs, explains chain of custody, and covers such tricky topics as how to gather accurate testimony from employees in politically charged corporate settings.
From recognizing high-tech criminal activity to presenting evidence in a way that juries and judges understand, this book thoroughly covers the range of skills, standards, and step-by-step procedures you need to conduct a criminal investigation in a Windows environment and make your evidence stand up in court.
- Responding to a reported computer intrusion
- Understanding how attackers exploit Windows networks
- Deciphering Windows ports, services, file systems, and the registry
- Examining suspects' computers and entire networks
- Analyzing event logs and data using live analysis techniques
- Exploring new complexities from cloud computing and virtualization
Investigate Computer Crimes in Windows Environments
Fully Updated for Windows Server 2008 and Windows 7
Discover How to Locate and Analyze an Attacker's Tools
Learn Detailed Windows Event Log Analysis
About the Author
, CISSP, EnCE, is the cofounder of Forward Discovery. He has previously served as a police officer, FBI High Tech Crimes Task Force agent, Special Agent with the U.S. DoD, and an instructor with the U.S. State Department Antiterrorism Assistance Program (ATA). He has trained hundreds of law enforcement officers around the world in techniques of digital forensics and investigation.
Steve Bunting, EnCE, CCFT, has over 35 years of experience in law enforcement, and his background in computer forensics is extensive. He has conducted computer forensic examinations for numerous local, state, and federal agencies on a variety of cases, as well as testified in court as a computer forensics expert. He has taught computer forensics courses for Guidance Software and is currently a Senior Forensic Consultant with Forward Discovery.
Ryan Johnson, DFCP, CFCE, EnCE, SCERS, is a Senior Forensic Consultant with Forward Discovery. He was a digital forensics examiner for the Durham, NC, police and a Media Exploitation Analyst with the U.S. Army. He is an instructor and developer with the ATA.
Scott Pearson has trained law enforcement entities, military personnel, and network/system administrators in more than 20 countries for the ATA. He is also a certifying Instructor on the Cellebrite UFED Logical and Physical Analyzer Mobile Device Forensics tool and has served as an instructor for the DoD Computer Investigations Training Academy.