Investigating Windows Systems by Harlan Carvey (PDF)



Title: Investigating Windows Systems
Author: Harlan Carvey
Publisher: Academic Press
Year: 2018
Pages: 136
Format: True PDF
Size: 10 Mb
Language: English

Unlike other books, courses and training that expect an analyst to piece together individual instructions into a cohesive investigation, Investigating Windows Systems provides a walk-through of the analysis process, with descriptions of the thought process and analysis decisions along the way.

Investigating Windows Systems will not address topics which have been covered in other books, but will expect the reader to have some ability to discover the detailed usage of tools and to perform their own research. The focus of this volume is to provide a walk-through of the analysis process, with descriptions of the thought process and the analysis decisions made along the way.

A must-have guide for those in the field of digital forensic analysis and incident response.

  • Provides the reader with a detailed walk-through of the analysis process, with decision points along the way, assisting the user in understanding the resulting data
  • Coverage will include malware detection, user activity, and how to set up a testing environment
  • Written at a beginner to intermediate level for anyone engaging in the field of digital forensic analysis and incident response

Investigating Windows Systems

A new book by Harlan Carvey, “Investigating Windows Systems”, has been officially announced, and is available for pre-order here.

Here is the book’s overview:

Most available courses, training, and books approach digital forensic analysis from the perspective of dumping the pieces of the puzzle out on the table, and expecting the analyst to assemble the puzzle without a full understanding of what the final product is supposed to look like. However, what none of these sources actually do is provide a walk-through of the analysis process, with descriptions of the thought process and analysis decisions made along the way.

Investigating Windows Systems will not address topics which have been covered in other books, but will expect the reader to have some ability to discover the detailed usage of tools and to perform their own research. This volume will provide a walk-through of the analysis process, with descriptions of the thought process and the analysis decisions made along the way.

A must-have guide for those in the field of digital forensic analysis and incident response.

  • Provides the reader with a detailed walk-through of the analysis process, with decision points along the way, assisting the user in understanding the resulting data
  • Coverage will include malware detection, user activity, and setting up a testing environment
  • Written at a beginner to intermediate level, for anyone engaging in the field of digital forensic analysis and incident response

Investigating Windows Systems

1st Edition


Readership

Digital forensic professionals and analysts, information security professionals, researchers, and practitioners; students in digital forensics programs at community college or university.

Table of Contents

1. Introduction
2. Malware Detection
3. User Activity
4. Test Environment
5. Field Manual


About the Author

Harlan Carvey

Mr. Carvey is a digital forensics and incident response analyst with past experience in vulnerability assessments, as well as some limited pen testing. He conducts research into digital forensic analysis of Windows systems, identifying and parsing various digital artifacts from those systems, and has developed several innovative tools and investigative processes specific to the digital forensics analysis field. He is the developer of RegRipper, a widely used tool for Windows Registry parsing and analysis. Mr. Carvey has developed and taught several courses, including Windows Forensics, Registry, and Timeline Analysis.

Affiliations and Expertise

DFIR analyst, presenter, and open-source tool author

Ratings and Reviews


I’ve read several books by Harlan, and I’ve never been disappointed. I love his direct way of writing. IWS is thinner and smaller than his other books, but no less important, on the contrary.
Harlan writes that IWS is not for beginners. I still see myself as a beginner and must contradict Harlan here: IWS is a book that is important, or may be, for any beginner. Although some pieces in the book are not so easy, with some effort from the reader and a search on the Internet everything becomes understandable.

The book is well organized. It teaches you from the beginning that a good analysis plan is important. It teaches you to focus between ‘nice to know’ and ‘need to know’.

The book is divided into several cases (finding malware, user activity, web server compromise). Harlan explains to you how he would deal with these cases himself, and then teaches you how to make a self-reflection. What did you learn from your case, and how would you tackle it next time?
The book is not about the analysis of images themselves, nor about which tools you should use, but about how you should do the analysis and what plan you make. He teaches you to tell the difference between a targeted approach and an automated approach.

In the last part, Harlan will teach you how to set up a testing environment, and convince you that testing changes to the file system yourself, by deleting files or installing programs, is often more instructive than just asking for help on the net.

I really enjoyed the book.

I am writing this review for two reasons:

1. Investigating Windows Systems by Harlan Carvey is excellent
2. Our industry does not support the leaders in our industry enough.

Harlan is a man who speaks what he thinks and backs it up with experience, knowledge, and facts. This is something that I appreciate.

Anyone can complain and point out that things are not being done properly or analyzed in the right way, but few can provide clear ideas and opinions on how it should be done that others with less experience can follow.

This book is smaller than your typical book in the computer industry, which is a positive.
I have read too many monstrous technical books that claim to provide all the answers but are limited on practical details and instead list example after example that may or may not provide insight into real-world issues.

Harlan went the opposite direction and wrote a book which provides just the facts and just the information you need to feel more confident in responding to a cyber incident.

The book is broken down into 5 parts:

1. Analysis Process
2. Finding Malware
3. User Activity
4. Web Server Compromise
5. Setting Up a Test Environment

In the Preface, Harlan starts off by stating “I am not an expert”, but with over 30 years in the information security field, I think it’s safe to say Harlan is being a bit humble.

The reality is that he IS an expert and clearly knows what he is talking about when it comes to incident response, which is very apparent in this book.

For someone like me, who feels overwhelmed at the idea of responding to a cyber incident, getting into the mind of an expert who has dealt with countless cyber incidents is extremely valuable.

Each decision is explained and evidence is shown on what step to take next and why to reduce the overall amount of data that you need to process and analyze. His examples flow, allowing you to ‘see’ what Harlan sees as he steps you through the different examples.

In my mind, Harlan’s book is a must for folks working in Incident Response. I strongly encourage you to purchase the book so that you can get into Harlan’s head and see why he makes the decisions he makes during an incident response.

I started off this review stating that his book is excellent and that we must support Harlan and others like him that give so much to the DFIR community. Training within the DFIR field is expensive and if we hope to have Harlan and others produce books like this, which provide so much useful information at a fraction of formal training costs, then we have to support them by purchasing the book and encouraging others to do the same.

Windows Forensic Analysis Toolkit

Summary

Harlan Carvey has updated Windows Forensic Analysis Toolkit, now in its fourth edition, to cover Windows 8 systems. The primary focus of this edition is on analyzing Windows 8 systems and processes using free and open-source tools. The book covers live response, file analysis, malware detection, timeline, and much more. Harlan Carvey presents real-life experiences from the trenches, making the material realistic and showing the why behind the how. The companion and toolkit materials are hosted online. This material consists of electronic printable checklists, cheat sheets, free custom tools, and walk-through demos. This edition complements Windows Forensic Analysis Toolkit, Second Edition, which focuses primarily on XP, and Windows Forensic Analysis Toolkit, Third Edition, which focuses primarily on Windows 7. This new fourth edition provides expanded coverage of many topics beyond Windows 8 as well, including new cradle-to-grave case examples, USB device analysis, hacking and intrusion cases, and "how would I do this" from Harlan’s personal case files and questions he has received from readers. The fourth edition also includes an all-new chapter on reporting.

  • Complete coverage and examples of Windows 8 systems
  • Contains lessons from the field, case studies, and war stories
  • Companion online toolkit material, including electronic printable checklists, cheat sheets, custom tools, and walk-throughs
