Mastering Windows Network Forensics and Investigation Paperback – Jun 26 2012
From the Back Cover
Learn How to Conduct a Complete Computer Forensic Investigation
This professional guide teaches law enforcement personnel, prosecutors, and corporate investigators how to investigate crimes involving Windows computers and Windows networks. A top team of forensic experts details how and why Windows networks are targeted, shows you how to analyze computers and computer logs, explains chain of custody, and covers such tricky topics as how to gather accurate testimony from employees in politically charged corporate settings.
From recognizing high-tech criminal activity to presenting evidence in a way that juries and judges understand, this book thoroughly covers the range of skills, standards, and step-by-step procedures you need to conduct a criminal investigation in a Windows environment and make your evidence stand up in court.
- Responding to a reported computer intrusion
- Understanding how attackers exploit Windows networks
- Deciphering Windows ports, services, file systems, and the registry
- Examining suspects' computers and entire networks
- Analyzing event logs and data using live analysis techniques
- Exploring new complexities from cloud computing and virtualization
Investigate Computer Crimes in Windows Environments
Fully Updated for Windows Server 2008 and Windows 7
Discover How to Locate and Analyze an Attacker's Tools
Learn Detailed Windows Event Log Analysis
About the Author
Steve Anson, CISSP, EnCE, is the cofounder of Forward Discovery. He has previously served as a police officer, FBI High Tech Crimes Task Force agent, Special Agent with the U.S. DoD, and an instructor with the U.S. State Department Antiterrorism Assistance Program (ATA). He has trained hundreds of law enforcement officers around the world in techniques of digital forensics and investigation.

Steve Bunting, EnCE, CCFT, has over 35 years of experience in law enforcement, and his background in computer forensics is extensive. He has conducted computer forensic examinations for numerous local, state, and federal agencies on a variety of cases, as well as testified in court as a computer forensics expert. He has taught computer forensics courses for Guidance Software and is currently a Senior Forensic Consultant with Forward Discovery.

Ryan Johnson, DFCP, CFCE, EnCE, SCERS, is a Senior Forensic Consultant with Forward Discovery. He was a digital forensics examiner for the Durham, NC, police and a Media Exploitation Analyst with the U.S. Army. He is an instructor and developer with the ATA.

Scott Pearson has trained law enforcement entities, military personnel, and network/system administrators in more than 20 countries for the ATA. He is also a certifying instructor on the Cellebrite UFED Logical and Physical Analyzer mobile device forensics tool and has served as an instructor for the DoD Computer Investigations Training Academy.
Most Helpful Customer Reviews on Amazon.com (beta)
This is the first book I have read in the Sybex Mastering series, and I was impressed with the writing, research, and editing. The authors blended dense material with relevant examples and insightful and engaging text boxes.
- The event log coverage was excellent; a difficult and prosaic topic was explained in simple terms and with just the right amount of depth. One of my favorite sections included the recovery of event log fragments from free space.
- The chapters on the Windows registry were excellent and had space for rarely talked about advanced concepts like volatile hives, registry redirection and reflection, and registry virtualization.
- The investigative uses of XP Restore Points and Windows 7 Shadow Volumes tied in nicely with other topics.
- The new chapter on virtualization and cloud forensics is a good addition. Live response and data acquisition in virtualized environments like VMWare ESX was covered, and an intelligent discussion on how to prepare for collecting cloud data was started.
In this second edition (released in June 2012), it is obvious the authors took pains to include the most current information available. Windows 7, Server 2008R2, and their associated artifacts are discussed extensively. Guidance Software's EnCase v7 and Volatility 2.0 are both introduced. There are even references to computer crime cases occurring in 2012.
(This is an excerpt from my full review at ForensicFocus.com)