Practical Windows Forensics

Leverage the power of digital forensics for Windows systems


Ayman Shaaban, Konstantin Sapronov

Book Details

ISBN 13: 9781783554096
Paperback: 322 pages

Book Description

Over the last few years, the wave of cybercrime has risen rapidly. We have witnessed many major attacks on the governmental, military, financial, and media sectors. Tracking these attacks and crimes requires a deep understanding of how operating systems work, how to extract evidentiary data from digital evidence, and how to make the best use of digital forensic tools and techniques. Regardless of your level of experience in information security, this book will fully introduce you to digital forensics. It will give you the knowledge needed to collect different types of evidence effectively, and walk you through the various stages of the analysis process.

We start by discussing the principles of the digital forensics process and move on to show you the approaches that are used to conduct analysis. We then study various tools for performing live analysis, and go through different techniques for analyzing volatile and non-volatile data.

Table of Contents

Chapter 1: The Foundations and Principles of Digital Forensics
What is digital crime?
Digital forensics
Digital evidence
Digital forensic goals
Analysis approaches
Summary
Chapter 2: Incident Response and Live Analysis
Personal skills
Security fundamentals
The hardware for IR and Jump Bag
Remote live response
Summary
Chapter 3: Volatile Data Collection
Memory acquisition
Network-based data collection
Summary
Chapter 4: Nonvolatile Data Acquisition
Forensic image
Incident Response CDs
Live imaging of a hard drive
Linux for the imaging of a hard drive
Virtualization in data acquisition
Evidence integrity (the hash function)
Disk wiping in Linux
Summary
Chapter 5: Timeline
Timeline introduction
The Sleuth Kit
Super timeline – Plaso
Plaso architecture
Plaso in practice
Summary
Chapter 6: Filesystem Analysis and Data Recovery
Hard drive structure
The FAT filesystem
The NTFS filesystem
The Sleuth Kit (TSK)
Autopsy
Foremost
Summary
Chapter 7: Registry Analysis
The registry structure
Backing up the registry files
Extracting registry hives
Parsing registry files
Auto-run keys
Registry analysis
Summary
Chapter 8: Event Log Analysis
Event Logs - an introduction
Event Logs system
Extracting Event Logs
Summary
Chapter 9: Windows Files
Windows prefetch files
Windows tasks
Windows Thumbs DB
Windows RecycleBin
Windows shortcut files
Summary
Chapter 10: Browser and E-mail Investigation
Browser investigation
Microsoft Internet Explorer
Firefox
Other browsers
E-mail investigation
Summary
Chapter 11: Memory Forensics
Memory structure
Memory acquisition
The sources of memory dump
Processes in memory
Network connections in memory
The DLL injection
API hooking
Memory analysis
Summary
Chapter 12: Network Forensics
Network data collection
Exploring logs
Using tcpdump
Using tshark
Using Wireshark
Knowing Bro
Summary

What You Will Learn

  • Perform live analysis on victim or suspect Windows systems, locally or remotely
  • Understand the different nature of volatile and non-volatile data, and the acquisition techniques appropriate to each
  • Create a timeline of system activity to reconstruct the history of an incident
  • Recover and analyze data from FAT and NTFS file systems
  • Use various tools to perform registry analysis
  • Track a system user's browser and e-mail activity to prove or refute a hypothesis
  • Learn how to dump and analyze computer memory
