Mastering Windows Network Forensics and Investigation (PDF)

Introduction xvii Part 1 Understanding and Exploiting Windows Networks 1 Chapter 1 Network Investigation Overview 3 Chapter 2 The Microsoft Network Structure 25 Chapter 3 Beyond the Windows GUI 63 Chapter 4 Windows Password Issues 85 Chapter 5 Windows Ports and Services 137 Part 2 Analyzing the Computer 157 Chapter 6 Live-Analysis Techniques 159 Chapter 7 Windows Filesystems 179 Chapter 8 The Registry Structure 215 Chapter 9 Registry Evidence 257 Chapter 10 Introduction to Malware 325 Part 3 Analyzing the Logs 349 Chapter 11 Text-Based Logs 351 Chapter 12 Windows Event Logs 381 Chapter 13 Logon and Account Logon Events 419 Chapter 14 Other Audit Events 463 Chapter 15 Forensic Analysis of Event Logs 505 Part 4 Results, the Cloud, and Virtualization 537 Chapter 16 Presenting the Results 539 Chapter 17 The Challenges of Cloud Computing and Virtualization 565 Part 5 Appendices 597 Appendix A The Bottom Line 599 Appendix B Test Environments 633 Index 647

Steve Anson, CISSP, EnCE, is the cofounder of Forward Discovery. He has previously served as a police officer, FBI High Tech Crimes Task Force agent, Special Agent with the U.S. DoD, and an instructor with the U.S. State Department Antiterrorism Assistance Program (ATA). He has trained hundreds of law enforcement officers around the world in techniques of digital forensics and investigation. Steve Bunting, EnCE, CCFT, has over 35 years of experience in law enforcement, and his background in computer forensics is extensive. He has conducted computer forensic examinations for numerous local, state, and federal agencies on a variety of cases, as well as testified in court as a computer forensics expert. He has taught computer forensics courses for Guidance Software and is currently a Senior Forensic Consultant with Forward Discovery. Ryan Johnson, DFCP, CFCE, EnCE, SCERS, is a Senior Forensic Consultant with Forward Discovery. He was a digital forensics examiner for the Durham, NC, police and a Media Exploitation Analyst with the U.S. Army. He is an instructor and developer with the ATA. Scott Pearson has trained law enforcement entities, military personnel, and network/system administrators in more than 20 countries for the ATA. He is also a certifying Instructor on the Cellebrite UFED Logical and Physical Analyzer Mobile Device Forensics tool and has served as an instructor for the DoD Computer Investigations Training Academy.

Dieses eBook können Sie uneingeschränkt auf allen Geräten der tolino Familie lesen. Zum Lesen auf sonstigen eReadern und am PC benötigen Sie eine Adobe ID.