Now in its third edition, Harlan Carvey has updated Windows Forensic Analysis Toolkit to cover Windows 7 systems. The primary focus of this edition is on analyzing Windows 7 systems and on processes using free and open-source tools. The book covers live response, file analysis, malware detection, ti
Windows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 7
Scribed by Harlan Carvey
- Publisher
- Syngress
- Year
- 2012
- Tongue
- English
- Leaves
- 294
- Edition
- 3rd
- Category
- Library
Synopsis
Windows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 7 provides an overview of live and postmortem response collection and analysis methodologies for Windows 7. It considers the core investigative and analysis concepts that are critical to the work of professionals within the digital forensic analysis community, as well as the need for immediate response once an incident has been identified.
Organized into eight chapters, the book discusses Volume Shadow Copies (VSCs) in the context of digital forensics and explains how analysts can access the wealth of information available in VSCs without interacting with the live system or purchasing expensive solutions. It also describes files and data structures that are new to Windows 7 (or Vista), Windows Registry Forensics, how the presence of malware within an image acquired from a Windows system can be detected, the idea of timeline analysis as applied to digital forensic analysis, and concepts and techniques that are often associated with dynamic malware analysis. Also included are several tools written in the Perl scripting language, accompanied by Windows executables.
This book will prove useful to digital forensic analysts, incident responders, law enforcement officers, students, researchers, system administrators, hobbyists, or anyone with an interest in digital forensic analysis of Windows 7 systems.
- Timely 3e of a Syngress digital forensic bestseller
- Updated to cover Windows 7 systems, the newest Windows version
- New online companion website houses checklists, cheat sheets, free tools, and demos
Table of Contents
Front Cover
Windows Forensic Analysis Toolkit
Copyright Page
Contents
Preface
Intended Audience
Organization of this Book
Chapter 1: Analysis Concepts
Chapter 2: Immediate Response
Chapter 3: Volume Shadow Copies
Chapter 4: File Analysis
Chapter 5: Registry Analysis
Chapter 6: Malware Detection
Chapter 7: Timeline Analysis
Chapter 8: Application Analysis
Online Content
Acknowledgments
About the Author
About the Technical Editor
1 Analysis Concepts
Introduction
Analysis Concepts
Windows Versions
Analysis Principles
Goals
Tools Versus Processes
Locard's Exchange Principle
Avoiding Speculation
Direct and Indirect Artifacts
Least Frequency of Occurrence
Documentation
Convergence
Virtualization
Setting up an Analysis System
Summary
2 Immediate Response
Introduction
Being Prepared to Respond
Questions
The Importance of Preparation
Logs
Data Collection
Training
Summary
3 Volume Shadow Copies
Introduction
What Are "Volume Shadow Copies"?
Registry Keys
Live Systems
ProDiscover
F-Response
Acquired Images
VHD Method
VMWare Method
Automating VSC Access
ProDiscover
Summary
Reference
4 File Analysis
Introduction
MFT
File System Tunneling
Event Logs
Windows Event Log
Recycle Bin
Prefetch Files
Scheduled Tasks
Jump Lists
Hibernation Files
Application Files
Antivirus Logs
Skype
Apple Products
Image Files
Summary
References
5 Registry Analysis
Introduction
Registry Analysis
Registry Nomenclature
The Registry as a Log File
USB Device Analysis
System Hive
Services
Software Hive
Application Analysis
NetworkList
NetworkCards
Scheduled Tasks
User Hives
WordWheelQuery
Shellbags
MUICache
UserAssist
Virtual PC
TypedPaths
Additional Sources
RegIdleBackup
Volume Shadow Copies
Virtualization
Memory
Tools
Summary
References
6 Malware Detection
Introduction
Malware Characteristics
Initial Infection Vector
Propagation Mechanism
Persistence Mechanism
Artifacts
Detecting Malware
Log Analysis
Dr. Watson Logs
Antivirus Scans
AV Write-ups
Digging Deeper
Packed Files
Digital Signatures
Windows File Protection
Alternate Data Streams
PE File Compile Times
MBR Infectors
Registry Analysis
Internet Activity
Additional Detection Mechanisms
Seeded Sites
Summary
References
7 Timeline Analysis
Introduction
Timelines
Data Sources
Time Formats
Concepts
Benefits
Format
Time
Source
System
User
Description
TLN Format
Creating Timelines
File System Metadata
Event Logs
Windows XP
Windows 7
Prefetch Files
Registry Data
Additional Sources
Parsing Events into a Timeline
Thoughts on Visualization
Case Study
Summary
8 Application Analysis
Introduction
Log Files
Dynamic Analysis
Network Captures
Application Memory Analysis
Summary
References
Index
Similar Volumes
Harlan Carvey has updated Windows Forensic Analysis Toolkit, now in its fourth edition, to cover Windows 8 systems. The primary focus of this edition is on analyzing Windows 8 systems and processes using free and open-source tools. The book covers live response, file analysis, malware detection, tim
The only book available on the market that addresses and discusses in-depth forensic analysis of Windows systems. Windows Forensic Analysis DVD Toolkit takes the reader to a whole new, undiscovered level of forensic analysis for Windows systems, providing unique information and resources not availab
This book is a great book for both professionals and beginners in Cyber Forensic Investigation. It is obvious that the author had an extensive research about Windows Forensic Analysis with many cross references in the book and to the online resources. The Windows Registry chapter is one of the bes