
Mastering Windows Network Forensics and Investigation, 2nd Edition by Scott Pearson, Ryan Johnson, Steve Bunting, Steven Anson

Chapter 6

Live-Analysis Techniques

As you saw in Chapter 3, “Beyond the Windows GUI,” attackers will frequently take significant steps to conceal their presence on a system. One such step is to avoid making changes to the hard drive of the victim system, which reduces the amount of recoverable evidence of their activities. You saw in Chapter 5, “Windows Ports and Services,” how valuable information regarding running processes, as well as open and active ports on the system, can be stored in the RAM of a running system. This chapter builds on the knowledge that you gained in those two chapters to explain ways to gather this type of evidence from a running system. This knowledge will help elevate your skills from those of a basic ...
