CDN$ 65.86
  • List Price: CDN$ 71.99
  • You Save: CDN$ 6.13 (9%)
Only 7 left in stock (more on the way).
Ships from and sold by Gift-wrap available.
Mastering Windows Network... has been added to your Cart
Have one to sell?
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See all 3 images

Mastering Windows Network Forensics and Investigation Paperback – Jun 26 2012

See all 5 formats and editions Hide other formats and editions
Amazon Price
New from Used from
Kindle Edition
"Please retry"
"Please retry"
CDN$ 65.86
CDN$ 28.59 CDN$ 34.30

Unlimited FREE Two-Day Shipping for Six Months When You Try Amazon Student
click to open popover

No Kindle device required. Download one of the Free Kindle apps to start reading Kindle books on your smartphone, tablet, and computer.

  • Apple
  • Android
  • Windows Phone
  • Android

To get the free app, enter your mobile phone number.

Product Details

  • Paperback: 696 pages
  • Publisher: Sybex; 2 edition (June 26 2012)
  • Language: English
  • ISBN-10: 1118163826
  • ISBN-13: 978-1118163825
  • Product Dimensions: 18.8 x 3.6 x 23.6 cm
  • Shipping Weight: 1 Kg
  • Average Customer Review: Be the first to review this item
  • Amazon Bestsellers Rank: #698,351 in Books (See Top 100 in Books)
  •  Would you like to update product info, give feedback on images, or tell us about a lower price?

  • See Complete Table of Contents

Product Description

From the Back Cover

Learn How to Conduct a Complete Computer Forensic Investigation

This professional guide teaches law enforcement personnel, prosecutors, and corporate investigators how to investigate crimes involving Windows computers and Windows networks. A top team of forensic experts details how and why Windows networks are targeted, shows you how to analyze computers and computer logs, explains chain of custody, and covers such tricky topics as how to gather accurate testimony from employees in politically charged corporate settings.

From recognizing high-tech criminal activity to presenting evidence in a way that juries and judges understand, this book thoroughly covers the range of skills, standards, and step-by-step procedures you need to conduct a criminal investigation in a Windows environment and make your evidence stand up in court.

Coverage includes:

  • Responding to a reported computer intrusion
  • Understanding how attackers exploit Windows networks
  • Deciphering Windows ports, services, file systems, and the registry
  • Examining suspects' computers and entire networks
  • Analyzing event logs and data using live analysis techniques
  • Exploring new complexities from cloud computing and virtualization

Investigate Computer Crimes in Windows Environments

Fully Updated for Windows Server 2008 and Windows 7

Discover How to Locate and Analyze an Attacker's Tools

Learn Detailed Windows Event Log Analysis

About the Author

Steve Anson, CISSP, EnCE, is the cofounder of Forward Discovery. He has previously served as a police officer, FBI High Tech Crimes Task Force agent, Special Agent with the U.S. DoD, and an instructor with the U.S. State Department Antiterrorism Assistance Program (ATA). He has trained hundreds of law enforcement officers around the world in techniques of digital forensics and investigation. Steve Bunting, EnCE, CCFT, has over 35 years of experience in law enforcement, and his background in computer forensics is extensive. He has conducted computer forensic examinations for numerous local, state, and federal agencies on a variety of cases, as well as testified in court as a computer forensics expert. He has taught computer forensics courses for Guidance Software and is currently a Senior Forensic Consultant with Forward Discovery. Ryan Johnson, DFCP, CFCE, EnCE, SCERS, is a Senior Forensic Consultant with Forward Discovery. He was a digital forensics examiner for the Durham, NC, police and a Media Exploitation Analyst with the U.S. Army. He is an instructor and developer with the ATA. Scott Pearson has trained law enforcement entities, military personnel, and network/system administrators in more than 20 countries for the ATA. He is also a certifying Instructor on the Cellebrite UFED Logical and Physical Analyzer Mobile Device Forensics tool and has served as an instructor for the DoD Computer Investigations Training Academy.

Customer Reviews

There are no customer reviews yet on
5 star
4 star
3 star
2 star
1 star

Most Helpful Customer Reviews on (beta) 4.5 out of 5 stars 10 reviews
5.0 out of 5 stars Five Stars Oct. 13 2016
By jason m brooks - Published on
Format: Paperback Verified Purchase
I love it. detailed, informative, and a great index to use as a reference.
14 of 14 people found the following review helpful
5.0 out of 5 stars Great overview of incident response forensics July 24 2012
By Chad Tilbury - Published on
Format: Paperback
Mastering Windows Network Forensics and Investigations fills an interesting niche not well addressed in the pantheon of digital forensics resources. The material is well suited for beginning and intermediate forensic examiners looking to better understand network artifacts and go beyond single-system forensics. I highly recommend it for system administrators looking for a different perspective on network security or those interested in designing networks to be forensics-friendly. That said, the topics covered do not fit within the classical definition of network forensics. A more apt title might be Mastering Incident Response Forensics and Investigations.

This is the first book I have read in the Sybex Mastering series, and I was impressed with the writing, research, and editing. The authors blended dense material with relevant examples and insightful and engaging text boxes.

Some highlights:

- The event log coverage was excellent; a difficult and prosaic topic was explained in simple terms and with just the right amount of depth. One of my favorite sections included the recovery of event log fragments from free space.

- The chapters on the Windows registry were excellent and had space for rarely talked about advanced concepts like volatile hives, registry redirection and reflection, and registry virtualization.

- The investigative uses of XP Restore Points and Windows 7 Shadow Volumes tied in nicely with other topics.

- The new chapter on virtualization and cloud forensics is a good addition. Live response and data acquisition in virtualized environments like VMWare ESX was covered, and an intelligent discussion on how to prepare for collecting cloud data was started.

In this second edition (released in June 2012), it is obvious the authors took pains to include the most current information available. Windows 7, Server 2008R2, and their associated artifacts are discussed extensively. Guidance Software's EnCase v7 and Volatility 2.0 are both introduced. There are even references to computer crime cases occurring in 2012.

(This is an excerpt from my full review at
4 of 4 people found the following review helpful
5.0 out of 5 stars Don't let the name fool you. This one has much more to offer than the name might imply. Nov. 22 2012
By John Sammons - Published on
Format: Paperback Verified Purchase
One of my new favorite forensic books. I strongly recommend this book for Windows forensics in general, not just for networks. Great explanations of various Windows artifacts, file systems, and much more. The network related topics are covered equally as well. The book is very well written in a way that is both understandable and engaging. This book can work for experts and those starting out as well. An excellent addition to anyone's forensic library.
5.0 out of 5 stars This is an amazing book. It is well written and straight to ... July 30 2015
By armindo rodrigues - Published on
Format: Paperback Verified Purchase
This is an amazing book. It is well written and straight to the point. It covers every area of the windows operating system that you should expect to find evidence and paint a picture of what the bad guys did during a breach (or whatever else you are investigating). I would recommend this book 10 times over. There are plenty of screenshots and tutorials to review and the websites has data to practice on.
5.0 out of 5 stars Great book for learning network forensics! Sept. 8 2015
By mrpumba - Published on
Format: Paperback Verified Purchase
Great book of you do computer forensics. I purchased this book to learn more about network forensics and the way it is written it is like taking a course. The Authors lay out the progression in a step by step building process and easy to understand. I recommend this book to anyone doing network security or computer forensics.