Leverage the power of digital forensics for Windows systems
About This Book
Build your own lab environment to analyze forensic data and practice techniques.
This book offers meticulous coverage with an example-driven approach and helps you build the key skills of performing forensics on Windows-based systems using digital artifacts.
It uses specific open source and Linux-based tools so you can become proficient at analyzing forensic data and upgrade your existing knowledge.
Who This Book Is For
This book targets forensic analysts and professionals who would like to develop skills in digital forensic analysis for the Windows platform. You will acquire proficiency, knowledge, and core skills to undertake forensic analysis of digital data.
Prior experience of information security and forensic analysis would be helpful. You will gain knowledge and an understanding of performing forensic analysis with tools especially built for the Windows platform.
What You Will Learn
Perform live analysis on victim or suspect Windows systems locally or remotely
Understand the different natures and acquisition techniques of volatile and non-volatile data.
Create a timeline of all the system actions to restore the history of an incident.
Recover and analyze data from FAT and NTFS file systems.
Make use of various tools to perform registry analysis.
Track a system user's browser and e-mail activities to prove or refute some hypotheses.
Get to know how to dump and analyze computer memory.
Over the last few years, the wave of the cybercrime has risen rapidly. We have witnessed many major attacks on the governmental, military, financial, and media sectors. Tracking all these attacks and crimes requires a deep understanding of operating system operations, how to extract evident data from digital evidence, and the best usage of the digital forensic tools and techniques. Regardless of your level of experience in the field of information security in general, this book will fully introduce you to digital forensics. It will provide you with the knowledge needed to assemble different types of evidence effectively, and walk you through the various stages of the analysis process.
We start by discussing the principles of the digital forensics process and move on to show you the approaches that are used to conduct analysis. We will then study various tools to perform live analysis, and go through different techniques to analyze volatile and non-volatile data.
Style and approach
This is a step-by-step guide that delivers knowledge about different Windows artifacts. Each topic is explained sequentially, including artifact analysis using different tools and techniques. These techniques make use of the evidence extracted from infected machines, and are accompanied by real-life examples.
Table of contents
Practical Windows Forensics
- Practical Windows Forensics
- About the Authors
- About the Reviewers
- 1. The Foundations and Principles of Digital Forensics
2. Incident Response and Live Analysis
- Personal skills
- Security fundamentals
- The hardware for IR and Jump Bag
- Remote live response
- 3. Volatile Data Collection
4. Nonvolatile Data Acquisition
- Forensic image
- Incident Response CDs
- Live imaging of a hard drive
- Linux for the imaging of a hard drive
- Virtualization in data acquisition
- Evidence integrity (the hash function)
- Disk wiping in Linux
- 5. Timeline
6. Filesystem Analysis and Data Recovery
- Hard drive structure
- The FAT filesystem
- The NTFS filesystem
- The Sleuth Kit (TSK)
7. Registry Analysis
- The registry structure
- Backing up the registry files
- Extracting registry hives
- Parsing registry files
- Auto-run keys
- Registry analysis
- 8. Event Log Analysis
- 9. Windows Files
10. Browser and E-mail Investigation
- Browser investigation
- Microsoft Internet Explorer
- Other browsers
- E-mail investigation
11. Memory Forensics
- Memory structure
- Memory acquisition
- The sources of memory dump
- Processes in memory
- Network connections in memory
- The DLL injection
- API hooking
- Memory analysis
- 12. Network Forensics
- appA. Building a Forensic Analysis Environment
- appB. Case Study
- Title: Practical Windows Forensics
- Release date: June 2016
- Publisher(s): Packt Publishing
- ISBN: 9781783554096
You might also like
Learn Kali Linux 2019
Explore the latest ethical hacking tools and techniques in Kali Linux 2019 to perform penetration testing …
Cybersecurity Blue Team Toolkit
A practical handbook to cybersecurity for both tech and non-tech professionals As reports of major data …
Mastering Kali Linux for Advanced Penetration Testing - Third Edition
A practical guide to testing your infrastructure security with Kali Linux, the preferred choice of pentesters …
Learning Malware Analysis
Understand malware analysis and its practical implementation About This Book Explore the key concepts of malware …