Purpose

The purpose of this book is to introduce readers to a brave new world of technical information about their Microsoft Windows systems. In particular, this book focuses on forensics audits and incident recovery, or, stated more plainly, what an administrator, investigator, consultant, or first responder should do and look for if they believe that a live Windows system has been compromised, and how to interpret and analyze what they find.

Security incidents will occur without a doubt. The complexity of operating systems and applications has increased to meet the needs of the users, yet the effort and skill required to attack hundreds of systems at a time has dramatically decreased. Anyone with a connection to the Internet can download ...
