Windows Forensic Analysis DVD Toolkit.
Title:
Windows Forensic Analysis DVD Toolkit.
Author:
Carvey, Harlan.
ISBN:
9780080556444
Physical Description:
1 online resource (386 pages)
Contents:
Cover -- Contents -- Preface -- Chapter 1: Live Response: Collecting Volatile Data -- Introduction -- Live Response -- What Data to Collect -- Nonvolatile Information -- Live-Response Methodologies -- Chapter 2: Live Response: Data Analysis -- Introduction -- Data Analysis -- Chapter 3: Windows Memory Analysis -- Introduction -- Dumping Physical Memory -- Analyzing a Physical Memory Dump -- Collecting Process Memory -- Chapter 4: Registry Analysis -- Introduction -- Inside the Registry -- Registry Analysis -- Chapter 5: File Analysis -- Introduction -- Event Logs -- File Metadata -- Alternative Methods of Analysis -- Chapter 6: Executable File Analysis -- Introduction -- Static Analysis -- Dynamic Analysis -- Chapter 7: Rootkits and Rootkit Detection -- Introduction -- Rootkits -- Rootkit Detection -- Index.
Abstract:
The only book available on the market that addresses and discusses in-depth forensic analysis of Windows systems. Windows Forensic Analysis DVD Toolkit takes the reader to a whole new, undiscovered level of forensic analysis for Windows systems, providing unique information and resources not available anywhere else. This book covers both live and post-mortem response collection and analysis methodologies, addressing material that is applicable to law enforcement, the federal government, students, and consultants. This book also brings this material to the doorstep of system administrators, who are often the front line troops when an incident occurs, but due to staffing and budgets do not have the necessary knowledge to effectively respond. All disc-based content for this title is now available on the Web.
Local Note:
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2017. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.