Windows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 7

Windows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 7 provides an overview of live and postmortem response collection and analysis methodologies for Windows 7. It considers the core investigative and analysis concepts that are critical to the work of professionals within the digital forensic analysis community, as well as the need for immediate response once an incident has been identified. Organized into eight chapters, the book discusses Volume Shadow Copies (VSCs) in the context of digital forensics and explains how analysts can access the wealth of information available in VSCs without interacting with the live system or purchasing expensive solutions. It also describes files and data structures that are new to Windows 7 (or Vista), Windows Registry forensics, how the presence of malware within an image acquired from a Windows system can be detected, the idea of timeline analysis as applied to digital forensic analysis, and concepts and techniques that are often associated with dynamic malware analysis. Also included are several tools written in the Perl scripting language, accompanied by Windows executables. This book will prove useful to digital forensic analysts, incident responders, law enforcement officers, students, researchers, system administrators, hobbyists, or anyone with an interest in digital forensic analysis of Windows 7 systems.
Contents
1 Analysis Concepts | 1
2 Immediate Response | 23
3 Volume Shadow Copies | 43
4 File Analysis | 69
5 Registry Analysis | 111
6 Malware Detection | 155
| 195
8 Application Analysis | 233
| 245
Common terms and phrases
accessing VSCs, acquired image, activity, artifacts, batch file, blog, browser, chapter, command line, created, data sources, default, deleted, detection, device, digital forensic, discussed, disk, Event Log, event records, events, file, example, extract, F-Response, file system, folder, following command, forensic analysis, format, FTK Imager, hard drive, hive file, identified, illustrated in Figure, incident response, indications, infrastructure, installed, iTouch, jump list, LastWrite, launched, located, log file, malware, malware infection, metadata, Microsoft, modified, NTFS, operating system, output, parse, Perl script, persistence mechanism, plugin, prefetch files, ProDiscover, Registry hive, Registry keys, RegRipper, Rob Lee, scan, scheduled tasks, serial number, server, Skype, Software hive, specific, SQLite, stamps, subkeys, Symantec, System hive, thumb drive, unique instance ID, updated, user's, UserAssist, VHD file, Vista, VMWare, Windows Event Logs, Windows Registry, Windows systems, Windows XP, XP systems