
Windows Forensic Analysis Toolkit, 3rd Edition

  • Length: 296 pages
  • Edition: 3
  • Publisher:
  • Publication Date: 2012-02-10
  • ISBN-10: 1597497274
  • ISBN-13: 9781597497275
  • Sales Rank: #213947
Description

Windows Forensic Analysis Toolkit, Third Edition: Advanced Analysis Techniques for Windows 7

Now in its third edition, Harlan Carvey has updated Windows Forensic Analysis Toolkit to cover Windows 7 systems. The primary focus of this edition is on analyzing Windows 7 systems and on processes using free and open-source tools. The book covers live response, file analysis, malware detection, timeline, and much more. The author presents real-life experiences from the trenches, making the material realistic and showing the why behind the how. New to this edition, the companion and toolkit materials are now hosted online. This material consists of electronic printable checklists, cheat sheets, free custom tools, and walk-through demos. This edition complements Windows Forensic Analysis Toolkit, 2nd Ed. (ISBN: 9781597494229), which focuses primarily on XP.

  • Complete coverage and examples on Windows 7 systems
  • Contains Lessons from the Field, Case Studies, and War Stories
  • Companion online material, including electronic printable checklists, cheat sheets, free custom tools, and walk-through demos

Amazon Exclusive: A Letter from Harlan Carvey, author of Windows Forensic Analysis Toolkit, 3rd Edition

Dear Amazon Readers,

I am not an expert. I really, enthusiastically enjoy performing digital forensic analysis of Windows systems and will get up early (for me, "early" is a relative term) to work on an examination. I enjoy not just finding new things in my analysis, but finding new combinations of things, looking for those hidden patterns to jump out of the data. I enjoy writing code to parse the binary contents of a file so that I can then see how the various teeth of the operating system and application gears mesh together, and in seeing what primary, secondary, and tertiary artifacts are left by various events that occur on a system.

When I first started writing books, I did so because I could not find something that would fit what I saw as my needs. Sure, there were books available that covered some aspects of digital forensic analysis of Windows systems, but there wasn’t anything available that really went into depth on analyzing Windows as a system of interconnected components. There were books that covered some of the really obvious indications of an intrusion or malware infection, but how often are our examinations really about finding the obvious artifacts? I knew I couldn’t be the only one looking for something like this, and writing a book not only provided a reference for myself and others, but the act of writing required me to polish and hone my thoughts. I hope you enjoy the finished product, and that it leads you beyond the obvious.

I hope you find my attempt to contribute to the digital forensics analysis community to be useful and thought-provoking. Thank you.

–Harlan Carvey

Table of Contents

Chapter 1 Analysis Concepts
Chapter 2 Immediate Response
Chapter 3 Volume Shadow Copies
Chapter 4 File Analysis
Chapter 5 Registry Analysis
Chapter 6 Malware Detection
Chapter 7 Timeline Analysis
Chapter 8 Application Analysis
