Windows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 7 [Paperback]

Harlan Carvey

List Price: CDN$ 75.95
Price: CDN$ 61.91
You Save: CDN$ 14.04 (18%)

Product Description

Review

"Harlan has done it again! Continuing in the tradition of excellence established by the previous editions, Windows Forensics Analysis Toolkit 3e is an indispensable resource for any forensic examiner. Whether you're a seasoned veteran or just starting out, this work is required reading. WFA3e will maintain a perennial spot on my core reference bookshelf!"--Cory Altheide, Google

"Windows Forensic Analysis Toolkit 3rd Edition provides a wealth of important information for new and old practitioners alike. Not only does it provide a great overview of artifacts of interest on Windows 7 systems, but it also presents plenty of technology independent concepts that play an important role in any investigation. Feel free to place a copy on your shelf next to WFA 2ed and WRF."--Digital4rensics.com

Book Description

Harlan Carvey has updated Windows Forensic Analysis Toolkit, now in its third edition, to cover Windows 7 systems. The primary focus of this edition is on analyzing Windows 7 systems and on processes using free and open-source tools. The book covers live response, file analysis, malware detection, timeline, and much more. The author presents real-life experiences from the trenches, making the material realistic and showing the why behind the how. New to this edition, the companion and toolkit materials are now hosted online. This material consists of electronic printable checklists, cheat sheets, free custom tools, and walk-through demos. This edition complements Windows Forensic Analysis Toolkit, 2nd Ed. (ISBN: 9781597494229), which focuses primarily on XP.

  • Complete coverage and examples on Windows 7 systems
  • Contains Lessons from the Field, Case Studies, and War Stories
  • Companion online material, including electronic printable checklists, cheat sheets, free custom tools, and walk-through demos


Customer Reviews

Most Helpful Customer Reviews on Amazon.com (beta)
Amazon.com: 5.0 out of 5 stars (6 customer reviews)

3 of 3 people found the following review helpful
5.0 out of 5 stars The third essential volume in Harlan Carvey's Windows forensic "trilogy", Mar 5 2012
By Jennifer Kolde - Published on Amazon.com
This review is from: Windows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 7 (Paperback)
If you've worked with Windows for any length of time, you know that each subsequent version of Microsoft's operating system tends to be almost the same...and yet entirely different. Windows 7 is no exception, giving us many familiar logs, structures, and artifacts that we know from Windows XP or 2003...only revised and expanded, or in different locations, or in different formats, or all of the above. Not to mention the brand new stuff.

Harlan has once again found the sweet spot - instead of fully revising the Second Edition of his book (which would be premature, as most environments still have extensive XP / 2003 infrastructure in place, and likely will for some time), he provides a companion book that builds on his previous volumes and outlines the new technologies and key differences between Windows 7 and earlier versions of the OS.

Now that many corporations are finally rolling out Windows 7 in force, forensic examiners are also making the transition to analyzing "new" Windows systems. This book provides the essential reference for Windows 7 analysis. While many of the technologies and techniques in Harlan's book have been discussed on blogs, mailing lists, and at conferences, he has been kind enough to collect the information in one place. In addition, he has been thorough enough to verify and expand upon the information through his own research and analysis, providing real world examples, tips, and cautions along the way.

Finally, as always Harlan writes with a keen awareness - both first-hand and through his extensive industry contacts - of what is current "in the field". This encompasses not only the specific questions and challenges faced by real analysts in real cases, but the tools and techniques in use or under development to address those issues. Harlan's information is both timely and relevant...and all the better for those of us on a budget that many of those tools and techniques he discusses are free and / or open source.

Harlan Carvey's "Windows Forensic Analysis Toolkit - Third Edition" is a welcome companion to both his Second Edition and Windows Registry Analysis. The three form a set that no Windows incident responder or forensic analyst should be without.

1 of 1 people found the following review helpful
5.0 out of 5 stars REAL-LIFE FORENSIC ANALYSIS!!!!, Mar 4 2012
By John R. Vacca "Tech Write Independent Reviewer" - Published on Amazon.com
Do you have an interest in developing a greater understanding of digital forensic analysis, specifically of Windows 7 systems? Author Harlan Carvey has done an outstanding job of writing a third edition of a book that discusses the core concepts that set the foundation for digital forensic analysis.

Author Carvey begins by addressing the core investigative and analysis concepts that are so critical. In addition, the author discusses the need for immediate response once an incident has been identified. He then addresses how analysts can access the wealth of information available in VSCs without having to interact with the live system, and without having to purchase expensive solutions. The author then focuses not only on the analysis of some of the usual files available on Windows systems, but also files and data structures that are new to Windows 7, and have been identified and better understood through research and testing. The author continues by addressing some of the information provided through other sources, most notably Windows Registry Forensics, and takes that information a step further, particularly with respect to the Windows 7 systems. He then discusses a specific type of analysis that is becoming very prominent within the digital forensic community. The author then shows you the process of creating a timeline of system activity for analysis. Finally, he discusses a number of concepts and techniques that are usually associated with dynamic malware analysis, but take a more general approach.

This most excellent book covered a number of artifacts and resources that analysts can turn to within a Windows system to help address the issues and goals they are facing. Perhaps more importantly, this book focused on the fact that application analysis is, in some ways, similar to malware analysis, as some of the same techniques can be used to gather information regarding the effect that an application has on the environment, either through installation or normal user interaction.

1 of 1 people found the following review helpful
5.0 out of 5 stars A perfect companion, Feb 26 2012
By Jimmy Weg "CFCE" - Published on Amazon.com
I found that Harlan's latest book is a great adjunct to my collection of his works. While it presents many of the essential operating system updates that we've discussed on forums, it also reviews enough previously published material to give the reader a foundation upon which to grasp important topics that haven't been issues in earlier systems. I like the way that Harlan laid out the chapters; he presents the material succinctly, yet with sufficient detail to provide a worthwhile learning experience. From my perspective, I particularly appreciate the Malware Detection chapter, as it presents a very nice summary of problems that many law enforcement examiners face, and Harlan provides not only direction, but tells us why certain procedures and artifacts are important.