Windows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 7

Front Cover
Elsevier, Feb 10, 2012 - Computers - 271 pages
Windows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 7 provides an overview of live and postmortem response collection and analysis methodologies for Windows 7. It considers the core investigative and analysis concepts that are critical to the work of professionals within the digital forensic analysis community, as well as the need for immediate response once an incident has been identified.
Organized into eight chapters, the book discusses Volume Shadow Copies (VSCs) in the context of digital forensics and explains how analysts can access the wealth of information available in VSCs without interacting with the live system or purchasing expensive solutions. It also describes files and data structures that are new to Windows 7 (or Vista), Windows Registry Forensics, how the presence of malware within an image acquired from a Windows system can be detected, the idea of timeline analysis as applied to digital forensic analysis, and concepts and techniques that are often associated with dynamic malware analysis. Also included are several tools written in the Perl scripting language, accompanied by Windows executables.
This book will prove useful to digital forensic analysts, incident responders, law enforcement officers, students, researchers, system administrators, hobbyists, or anyone with an interest in digital forensic analysis of Windows 7 systems.

  • Timely 3e of a Syngress digital forensic bestseller
  • Updated to cover Windows 7 systems, the newest Windows version
  • New online companion website houses checklists, cheat sheets, free tools, and demos
 

What people are saying - Write a review

We haven't found any reviews in the usual places.

Contents

1 Analysis Concepts
1
2 Immediate Response
23
3 Volume Shadow Copies
43
4 File Analysis
69
5 Registry Analysis
111
6 Malware Detection
155
7 Timeline Analysis
195
8 Application Analysis
233
Index
245
Copyright

Other editions - View all

Common terms and phrases

About the author (2012)

Harlan Carvey is a senior information security researcher with the Dell SecureWorks Counter Threat Unit - Special Ops (CTU-SO) team, where his efforts are focused on targeted threat hunting, response, and research. He continues to maintain a passion and focus in analyzing Windows systems, and in particular, the Windows Registry.

Harlan is an accomplished author, public speaker, and open source tool author. He dabbles in other activities, including home brewing and horseback riding. As a result, he has become quite adept at backing up and parking a horse trailer.

Harlan earned a bachelor's degree in electrical engineering from the Virginia Military Institute, and a master's degree in the same discipline from the Naval Postgraduate School. He served in the United States Marine Corps, achieving the rank of captain before departing the service. He resides in Northern Virginia with his family.

Bibliographic information