Perl Scripting for Windows Security: Live Response, Forensic Analysis, and Monitoring Paperback – Dec 12 2007
About the Author
Harlan Carvey is a senior information security researcher with the Dell SecureWorks Counter Threat Unit - Special Ops (CTU-SO) team, where his efforts are focused on targeted threat hunting, response, and research. He continues to maintain a passion and focus in analyzing Windows systems, and in particular, the Windows Registry.
Harlan is an accomplished author, public speaker, and open source tool author. He dabbles in other activities, including home brewing and horseback riding. As a result, he has become quite adept at backing up and parking a horse trailer.
Harlan earned a bachelor’s degree in electrical engineering from the Virginia Military Institute, and a master’s degree in the same discipline from the Naval Postgraduate School. He served in the United States Marine Corps, achieving the rank of captain before departing the service. He resides in Northern Virginia with his family.
Most Helpful Customer Reviews on Amazon.com (beta)
At least an elementary understanding of Perl (or a related scripting language, such as Python) is required to make full use of the book.
Carvey covers some live response subjects and some registry and log analysis situations.
As Carvey points out, this book will not teach you how to perform live incident response or computer forensics.
Its value is as a tool to teach you how to use Perl as a tool in your work.
The book, as you might expect, is loaded with examples that will teach you much about Windows and using Perl to extract information. For instance, one script entitled "Lslink.pl" has much to teach about the structure of Windows shortcut or link files (which are encoded in binary) and how to extract that structure using a Perl script. The script runs about seven printed pages. It is not overly complex, but following its logic is very informative.
By the way, one of the first things the author does is to brief the reader on the capabilities of several commonly available Perl modules, which can be extremely handy.
Harlan Carvey is very well known in the community for his writings on the Windows Registry and his Perl script RegRipper. Carvey not only demonstrates his masterly understanding of the Registry, but provides several scripts for the student reader to review and implement.
The book is actually rather broadly based and covers a number of areas, some of which the reader may have no immediate interest in or need for, such as live incident response in my case. But as Carvey points out, his goal here is to inspire, not to provide tools and answers for specific needs.
As an inspirational and teaching tool, Carvey achieves his objectives. For the person who is already familiar with Perl, the book serves as a goad for rolling your own code to meet specific needs that are not met in the omnibus commercial programs on the market.
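The review above describes a script that walks the binary structure of a Windows shortcut file. As an added illustration of that kind of work (this is example code written for this page, not the book's script or any of the author's tools), the following Perl parses the fixed 76-byte ShellLinkHeader that begins every .lnk file, as documented in Microsoft's MS-SHLLINK specification: it checks the HeaderSize and LinkCLSID signature, decodes the LinkFlags bits, converts the three FILETIME stamps to UTC, and reports the target's size, icon index and show command. The sample header it falls back to when no file is given is constructed inline for the example, and the code assumes a Perl build with 64-bit integers (standard on current platforms) so the FILETIME arithmetic stays exact.

```perl
#!/usr/bin/perl
# Added example (not from the book): dump the ShellLinkHeader of a .lnk file.
# Layout per MS-SHLLINK 2.1: HeaderSize(4) LinkCLSID(16) LinkFlags(4)
# FileAttributes(4) CreationTime(8) AccessTime(8) WriteTime(8) FileSize(4)
# IconIndex(4) ShowCommand(4) HotKey(2) Reserved1(2) Reserved2(4) Reserved3(4)
use strict;
use warnings;

# LinkFlags bits (MS-SHLLINK 2.1.1); only the low byte, which analysts
# inspect most often, is decoded here.
my %LINK_FLAGS = (
    0x01 => 'HasLinkTargetIDList', 0x02 => 'HasLinkInfo',
    0x04 => 'HasName',             0x08 => 'HasRelativePath',
    0x10 => 'HasWorkingDir',       0x20 => 'HasArguments',
    0x40 => 'HasIconLocation',     0x80 => 'IsUnicode',
);

# FILETIME is 100-ns ticks since 1601-01-01 UTC; 116444736000000000 ticks
# separate that epoch from 1970-01-01. Assumes 64-bit integer Perl.
sub filetime_to_epoch {
    my ($lo, $hi) = @_;
    my $ticks = $hi * 4294967296 + $lo;
    return 0 if $ticks == 0;                  # unset timestamp
    return int(($ticks - 116444736000000000) / 10_000_000);
}

sub parse_lnk_header {
    my ($data) = @_;
    die "file shorter than a ShellLinkHeader\n" if length($data) < 76;
    my ($size, $clsid, $flags, $attrs,
        $c_lo, $c_hi, $a_lo, $a_hi, $w_lo, $w_hi,
        $fsize, $icon, $showcmd, $hotkey)
        = unpack('V a16 V V V V V V V V V l< V v', $data);
    die sprintf("bad HeaderSize 0x%08x (expected 0x4C)\n", $size) unless $size == 0x4C;
    my $clsid_hex = unpack('H*', $clsid);     # 00021401-0000-0000-C000-000000000046
    die "bad LinkCLSID $clsid_hex\n" unless $clsid_hex eq '0114020000000000c000000000000046';
    my @set = map { $LINK_FLAGS{$_} } grep { $flags & $_ } sort { $a <=> $b } keys %LINK_FLAGS;
    return {
        link_flags => $flags, flag_names => \@set, file_attributes => $attrs,
        ctime => filetime_to_epoch($c_lo, $c_hi),
        atime => filetime_to_epoch($a_lo, $a_hi),
        mtime => filetime_to_epoch($w_lo, $w_hi),
        file_size => $fsize, icon_index => $icon,
        show_command => $showcmd, hot_key => $hotkey,
    };
}

# Constructed sample header for running the example without a real file.
sub sample_header {
    my $epoch = 1197417600;                   # 2007-12-12 00:00:00 UTC
    my $ticks = $epoch * 10_000_000 + 116444736000000000;
    my ($lo, $hi) = ($ticks % 4294967296, int($ticks / 4294967296));
    return pack('V a16 V V V V V V V V V l< V v v V V',
        0x4C, pack('H*', '0114020000000000c000000000000046'),
        0x8B,                 # HasLinkTargetIDList|HasLinkInfo|HasRelativePath|IsUnicode
        0x20,                 # FILE_ATTRIBUTE_ARCHIVE
        $lo, $hi, $lo, $hi, $lo, $hi,
        4096, 0, 1,           # FileSize, IconIndex, SW_SHOWNORMAL
        0, 0, 0, 0);          # HotKey, Reserved1..3
}

my $data;
if (@ARGV) {
    open my $fh, '<:raw', $ARGV[0] or die "open $ARGV[0]: $!\n";
    read($fh, $data, 76) == 76 or die "short read on $ARGV[0]\n";
    close $fh;
} else {
    $data = sample_header();
}
my $h = parse_lnk_header($data);
printf "LinkFlags      : 0x%08x (%s)\n", $h->{link_flags}, join(', ', @{ $h->{flag_names} });
printf "FileAttributes : 0x%08x\n", $h->{file_attributes};
for my $t (qw(ctime atime mtime)) {
    my @g = gmtime($h->{$t});
    printf "%-15s: %04d-%02d-%02d %02d:%02d:%02d UTC\n", $t,
        $g[5] + 1900, $g[4] + 1, $g[3], $g[2], $g[1], $g[0];
}
printf "FileSize       : %d bytes\n", $h->{file_size};
printf "IconIndex      : %d\n", $h->{icon_index};
printf "ShowCommand    : %d\n", $h->{show_command};
```

Run it as `perl lnkhdr.pl C:\path\to\shortcut.lnk`, or with no argument to parse the built-in sample. Two points matter in practice: the script refuses to proceed when the HeaderSize or LinkCLSID does not match, because carving tools routinely hand you fragments that merely resemble a shortcut, and the three timestamps are those of the link target as recorded when the shortcut was written, not the .lnk file's own filesystem times, which is exactly why they are useful as evidence of what existed on a system.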
This is not a Perl tutorial. However, if you happen to be using any of Harlan's tools that he has written in Perl to perform live response, post-mortem forensics or network security administration, the book gives good insight into exactly what the scripts are doing and why.
While I am not a Perl programmer, I have over 25 years of experience programming in various computer languages. Based on what I saw in the book, anyone with fairly basic programming knowledge can understand what Harlan is doing with the scripts and, if they want to learn Perl, could use them as an excellent method for advancing their knowledge into writing specific scripts later on.
For someone who is an experienced programmer who wants to dive into Perl scripting, once you have gained an understanding of the Perl syntax and coding rules, Harlan's scripts and advice in the book for additional resources are an excellent way to get deeper into coding Perl for specific security tasks.
The foundation of programming is basically the same, no matter what language you choose to use. What differs between the different languages is primarily features and syntax. In other words, how you have to structure your coding for the interpreter or compiler to understand what you are trying to do.
The book is organized into three parts, with Part 1 covering how to use Perl for incident response and troubleshooting live systems. Part 2 covers post-mortem forensics and Part 3 covers monitoring application processes, Web services and log files.
While it is not a huge tome like many programming books, it is important to bear in mind that this is not a programming book. This is a book that demonstrates specific scripts for specific tasks. If you are a long time coder like me, you will appreciate a book that deals with a specific subject matter without trying to teach you everything and nothing about a programming language.
If you are interested in coding your own security or forensic tools, I would highly recommend this book.
Look for similar items by category
- Books > Computers & Technology > Certification Central > Exams > Security+
- Books > Computers & Technology > History & Culture > Privacy
- Books > Computers & Technology > Microsoft > Operating Systems > Windows NT Server
- Books > Computers & Technology > Networking & Cloud Computing > Network Security
- Books > Computers & Technology > Operating Systems
- Books > Computers & Technology > Programming
- Books > Computers & Technology > Security & Encryption > Forensics
- Books > Computers & Technology > Security & Encryption > Windows Security
- Books > Computers & Technology > Web Development > Programming
- Books > Science & Math > Mathematics > Applied
- Books > Textbooks > Computer Science & Information Systems > Operating Systems
- Books > Textbooks > Computer Science & Information Systems > Programming Languages