Windows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 7

Windows is the most widely deployed operating system on desktops and servers worldwide, which means that more intrusions, malware infections, and cybercrime incidents occur on these systems than on any other platform. Author Harlan Carvey has brought his bestselling book up to date by covering the newest version of Windows, Windows 7. Windows Forensic...


Bibliographic Details
Main author: Carvey, Harlan A.
Other authors: Kolde, Jennifer (technical editor)
Format: E-book
Language: English
Published: Amsterdam : Elsevier/Syngress, 2012.
Edition: 3rd ed.
View in the Universitat Ramon Llull Library: https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009628025506719
Table of Contents:
  • Front matter: Windows Forensic Analysis Toolkit; Copyright Page; Contents; Preface; Intended Audience; Organization of this Book (Chapter 1: Analysis Concepts; Chapter 2: Immediate Response; Chapter 3: Volume Shadow Copies; Chapter 4: File Analysis; Chapter 5: Registry Analysis; Chapter 6: Malware Detection; Chapter 7: Timeline Analysis; Chapter 8: Application Analysis); Online Content; Acknowledgments; About the Author; About the Technical Editor
  • 1 Analysis Concepts: Introduction; Analysis Concepts; Windows Versions; Analysis Principles; Goals; Tools Versus Processes; Locard's Exchange Principle; Avoiding Speculation; Direct and Indirect Artifacts; Least Frequency of Occurrence; Documentation; Convergence; Virtualization; Setting up an Analysis System; Summary
  • 2 Immediate Response: Introduction; Being Prepared to Respond; Questions; The Importance of Preparation; Logs; Data Collection; Training; Summary
  • 3 Volume Shadow Copies: Introduction; What Are "Volume Shadow Copies"?; Registry Keys; Live Systems; ProDiscover; F-Response; Acquired Images; VHD Method; VMware Method; Automating VSC Access; ProDiscover; Summary; Reference
  • 4 File Analysis: Introduction; MFT; File System Tunneling; Event Logs; Windows Event Log; Recycle Bin; Prefetch Files; Scheduled Tasks; Jump Lists; Hibernation Files; Application Files; Antivirus Logs; Skype; Apple Products; Image Files; Summary; References
  • 5 Registry Analysis: Introduction; Registry Analysis; Registry Nomenclature; The Registry as a Log File; USB Device Analysis; System Hive; Services; Software Hive; Application Analysis; NetworkList; NetworkCards; Scheduled Tasks; User Hives; WordWheelQuery; Shellbags; MUICache; UserAssist; Virtual PC; TypedPaths; Additional Sources; RegIdleBackup; Volume Shadow Copies; Virtualization; Memory; Tools; Summary; References
  • 6 Malware Detection: Introduction; Malware Characteristics; Initial Infection Vector; Propagation Mechanism; Persistence Mechanism; Artifacts; Detecting Malware; Log Analysis; Dr. Watson Logs; Antivirus Scans; AV Write-ups; Digging Deeper; Packed Files; Digital Signatures; Windows File Protection; Alternate Data Streams; PE File Compile Times; MBR Infectors; Registry Analysis; Internet Activity; Additional Detection Mechanisms; Seeded Sites; Summary; References
  • 7 Timeline Analysis: Introduction; Timelines; Data Sources; Time Formats; Concepts; Benefits; Format; Time; Source; System; User; Description; TLN Format; Creating Timelines; File System Metadata; Event Logs; Windows XP; Windows 7; Prefetch Files; Registry Data; Additional Sources; Parsing Events into a Timeline; Thoughts on Visualization; Case Study; Summary
  • 8 Application Analysis: Introduction; Log Files; Dynamic Analysis; Network Captures; Application Memory Analysis; Summary; References
  • Index