Windows Forensics Book by Chad Steel at Bookstore - Bookswagon
Windows Forensics: The Field Guide for Corporate Computer Investigations
About the Book

The evidence is in--to solve Windows crime, you need Windows tools


An arcane pursuit a decade ago, forensic science today is a household term. And while the computer forensic analyst may not lead as exciting a life as TV's CSIs do, he or she relies just as heavily on scientific principles and just as surely solves crime.

Whether you are contemplating a career in this growing field or are already an analyst in a Unix/Linux environment, this book prepares you to combat computer crime in the Windows world. Here are the tools to help you recover sabotaged files, track down the source of threatening e-mails, investigate industrial espionage, and expose computer criminals.
* Identify evidence of fraud, electronic theft, and employee Internet abuse
* Investigate crime related to instant messaging, Lotus Notes®, and increasingly popular browsers such as Firefox®
* Learn what it takes to become a computer forensics analyst
* Take advantage of sample forms and layouts as well as case studies
* Protect the integrity of evidence
* Compile a forensic response toolkit
* Assess and analyze damage from computer crime and process the crime scene
* Develop a structure for effectively conducting investigations
* Discover how to locate evidence in the Windows Registry

Table of Contents:

Chapter 1 Windows Forensics 1
  The Corporate Computer Forensic Analyst 2
  Windows Forensics 3
  People, Processes, and Tools 6
  Computer Forensics: Today and Tomorrow 8
  Additional Resources 9
Chapter 2 Processing the Digital Crime Scene 11
  Identify the Scene 12
  Perform Remote Research 15
  Secure the Crime Scene 17
  Document the Scene 18
  Process the Scene for Physical Evidence 19
  Process the Scene for Electronic Evidence 22
  Chain of Custody 25
  Best Evidence 26
  Working with Law Enforcement 28
  Additional Resources 29
Chapter 3 Windows Forensic Basics 31
  History and Versions 32
    MS-DOS 32
    Windows 1.x, 2.x, and 3.x 32
    Windows NT and 2000 33
    Windows 95, 98, and ME 34
    Windows XP and 2003 35
  Non-Volatile Storage 38
    Floppy Disks 38
    Tapes 43
    CDs and DVDs 46
    USB Flash Drives 48
    Hard Disks 51
  Additional Resources 58
Chapter 4 Partitions and File Systems 59
  Master Boot Record 59
  Windows File Systems 65
    FAT 66
    VFAT 73
    NTFS 75
  Compression 85
  Encryption 88
  Additional Resources 96
Chapter 5 Directory Structure and Special Files 97
  Windows NT/2000/XP 97
    Directories 98
    Files 107
  Windows 9x 112
    Directories 112
    Files 113
  Additional Resources 114
Chapter 6 The Registry 115
  History 115
  Registry Basics 116
  Registry Analysis 121
    General 122
    Folder Locations 125
    Startup Items 128
    Intelliforms 132
  Advanced Registry Analysis 133
  Additional Resources 136
Chapter 7 Forensic Analysis 137
Chapter 8 Live System Analysis 139
  Covert Analysis 144
    System State Analysis 144
    System Tools 146
    Storage 147
    Services and Applications 148
    Remote Enumeration 150
    Monitoring 154
    Keystroke Recording 155
    Network Monitoring 157
  Overt Analysis 166
    GUI-based Overt Analysis 166
    Local Command Line Analysis 169
    Remote Command Line Analysis 170
    Basic Information Gathering 173
    System State Information 177
    Running Program Information 182
    Main Memory Analysis 186
  Additional Resources 189
Chapter 9 Forensic Duplication 193
  Hard Disk Duplication 194
    In-Situ Duplication 197
    Direct Duplication 203
  Magnetic Tape 204
  Hard Disks 205
  Optical Disks 205
  Multi-tiered Storage 206
  Log File Duplication 208
  Additional Resources 210
Chapter 10 File System Analysis 211
  Searching 211
    Index-based Searching 212
    Bitwise Searching 217
    Search Methodology 219
  Hash Analysis 220
    Positive Hash Analysis 223
    Negative Hash Analysis 224
  File Recovery 225
  Special Files 236
    Print Spool Files 236
    Windows Shortcuts 239
    Paging File 241
  Additional Resources 244
Chapter 11 Log File Analysis 247
  Event Logs 247
    Application Log 250
    System Log 252
    Security Log 253
      Successful Log-on/Log-off Events 254
      Failed Log-on Event 255
      Change of Policy 256
      Successful or Failed Object Access 256
      Account Change 256
      Log Clearing 257
  Internet Logs 257
    HTTP Logs 260
    FTP Logs 266
    SMTP Logs 268
  Additional Resources 270
Chapter 12 Internet Usage Analysis 271
  Web Activity 272
    Internet Explorer 272
      Favorites 274
      History 277
      Cache 281
      Cookies 283
    Firefox 285
      Favorites 285
      History 288
      Cache 289
      Cookies 291
      Passwords 292
      Downloads 293
    Toolbar History 293
    Network, Proxy, and DNS History 294
  Peer-to-Peer Networking 294
    Gnutella Clients 296
      Bearshare 297
        Downloading 297
        Sharing 298
        Other Information 298
      Limewire 299
        Downloading 300
        Sharing 300
    FastTrack Clients 301
    Overnet, eMule, and eDonkey2000 Clients 302
      Downloading 304
      Sharing 305
  Instant Messaging 305
    AOL Instant Messenger 306
    Microsoft Messenger 307
  Additional Resources 309
Chapter 13 Email Investigations 311
  Outlook/Outlook Express 314
    Outlook Express 314
      Acquisition 315
      Analysis 317
    Outlook 321
      Acquisition 321
      Access Control 322
      Analysis 322
  Lotus Notes 326
    Acquisition 329
    Access Control and Logging 330
    Analysis 331
    Address Book 333
  Additional Resources 338
Appendix A Sample Chain of Custody Form 339
Appendix B Master Boot Record Layout 341
Appendix C Partition Types 343
Appendix D FAT32 Boot Sector Layout 349
Appendix E NTFS Boot Sector Layout 353
Appendix F NTFS Metafiles 355
Appendix G Well-Known SIDs 357
Index 363



About the Author:
Chad Steel has investigated more than 300 computer security incidents. As an adjunct faculty member, he developed and taught the Computer Forensics graduate course in Penn State's engineering program and has instructed federal and local law enforcement, commercial clients, and graduate students in forensic analysis. His experience includes serving as head of IT investigations for a Global 100 corporation and as managing director of the Systems Integration and Security practice at Qwest Communications.


Product Details
  • ISBN-13: 9780470255148
  • Publisher: John Wiley & Sons Inc
  • Publisher Imprint: John Wiley & Sons Inc
  • Language: English
  • Sub Title: The Field Guide for Corporate Computer Investigations
  • ISBN-10: 0470255145
  • Publisher Date: 20 Aug 2007
  • Binding: Digital (delivered electronically)
  • No of Pages: 408