Creating a Windows Live-Analysis Toolkit

Conducting live analysis of a Windows system takes some prior planning. Traditionally, one of the most cost-effective and safest methods of performing live analysis was to create a series of live-analysis CDs. These CDs contain the software needed to recover most of the evidence a network intrusion investigator needs in order to properly process a victim computer's memory and other volatile state. They hold not only trusted copies of common analysis tools but also the shared dynamic-link libraries (DLLs) on which those tools rely, so that the tools are not forced to load libraries from the victim system, where an intruder may have replaced them. Because a CD is read-only, the toolkit itself cannot be modified by the compromised host. These CDs should not be confused with boot CDs such as BackTrack or SANS Investigate Forensic Toolkit (SIFT) ( ...
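Knowing which DLLs a tool will pull in is the practical problem when assembling such a CD. The script below is an added example, not code from the book: it reads the import directory of a PE file (PE32 and PE32+) so you can list the DLLs a trusted tool depends on, reports which of those are neither bundled nor always supplied by Windows itself, and produces a SHA-256 manifest so the finished toolkit can be verified before every use. The DLL names in the `SYSTEM_DLLS` set and in the demonstration are assumptions for illustration, and `build_sample_pe` constructs a deliberately minimal, non-executable PE image so the example runs offline without a real binary.

```python
"""Added example (not from the book): static DLL-dependency check and hash
manifest for a trusted live-analysis toolkit.  Standard library only."""
import hashlib
import struct

# Assumption for illustration: libraries Windows always maps from the running
# system (KnownDLLs), which a CD cannot replace and so need not be bundled.
SYSTEM_DLLS = {"ntdll.dll", "kernel32.dll", "kernelbase.dll"}


def _rva_to_offset(rva: int, sections: list) -> int:
    """Translate a relative virtual address to a file offset via the section table."""
    for va, vsize, raw_ptr, raw_size in sections:
        if va <= rva < va + max(vsize, raw_size):
            return rva - va + raw_ptr
    raise ValueError(f"RVA {rva:#x} is not inside any section")


def imported_dlls(data: bytes) -> list:
    """Return the lower-cased DLL names from a PE file's import directory."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE image (missing MZ header)")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    # Data directories start at +96 for PE32 (0x10B) and +112 for PE32+ (0x20B).
    dirs = opt + (96 if magic == 0x10B else 112)
    import_rva = struct.unpack_from("<I", data, dirs + 8)[0]  # entry 1 = import table
    sections = []
    for i in range(num_sections):
        hdr = opt + size_opt + 40 * i
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, hdr + 8)
        sections.append((va, vsize, raw_ptr, raw_size))
    dlls = []
    if import_rva == 0:
        return dlls
    off = _rva_to_offset(import_rva, sections)
    while True:  # IMAGE_IMPORT_DESCRIPTOR is 20 bytes; a zero Name RVA ends the list
        name_rva = struct.unpack_from("<I", data, off + 12)[0]
        if name_rva == 0:
            break
        start = _rva_to_offset(name_rva, sections)
        dlls.append(data[start:data.index(b"\0", start)].decode("ascii").lower())
        off += 20
    return dlls


def missing_dependencies(tool: bytes, bundled: set) -> list:
    """DLLs the tool imports that are neither on the CD (lower-case names) nor system-supplied."""
    return sorted(d for d in imported_dlls(tool) if d not in bundled and d not in SYSTEM_DLLS)


def manifest(files: dict) -> dict:
    """SHA-256 per file name; burn it with the CD and re-check it before each use."""
    return {name: hashlib.sha256(blob).hexdigest() for name, blob in sorted(files.items())}


def build_sample_pe(dll_names: list) -> bytes:
    """Constructed sample input: a minimal PE32+ whose single section holds only
    an import directory naming the given DLLs.  It is not a loadable program."""
    names_blob = b"".join(n.encode() + b"\0" for n in dll_names)
    desc_size = 20 * (len(dll_names) + 1)
    descs, rva = b"", 0x1000 + desc_size
    for n in dll_names:
        descs += struct.pack("<IIIII", 0, 0, 0, rva, 0)  # only the Name field matters here
        rva += len(n) + 1
    descs += b"\0" * 20
    section_data = (descs + names_blob).ljust(0x200, b"\0")
    opt = struct.pack("<H", 0x20B).ljust(112, b"\0")
    dirs = bytearray(16 * 8)
    struct.pack_into("<II", dirs, 8, 0x1000, desc_size)  # import table RVA and size
    opt += bytes(dirs)
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, len(opt), 0x22)
    sect = b".idata".ljust(8, b"\0") + struct.pack("<IIII", 0x200, 0x1000, 0x200, 0x200) + b"\0" * 16
    headers = (b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0" + coff + opt + sect)
    return headers.ljust(0x200, b"\0") + section_data


if __name__ == "__main__":
    tool = build_sample_pe(["KERNEL32.dll", "msvcr71.dll", "psapi.dll"])  # hypothetical tool
    print("imports:", imported_dlls(tool))
    print("still to bundle:", missing_dependencies(tool, {"psapi.dll"}))
    print(manifest({"tool.exe": tool, "psapi.dll": b"placeholder"}))
```

On a real toolkit, run `imported_dlls` over every executable and DLL you copy, and repeat until `missing_dependencies` is empty for each, since the DLLs you bundle have imports of their own. A static import walk does not see libraries a tool loads at run time with LoadLibrary, so also observe the tool once on a clean reference machine before trusting the list.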

From Mastering Windows Network Forensics and Investigation, 2nd Edition.