Windows Forensics and Incident Recovery by Harlan Carvey

Chapter 5. Incident Response Tools

So far, we've covered how systems are compromised, how data can be hidden on a live system, and how systems can be configured to prevent (or at least allow the administrator to detect) incidents. In this chapter, we're going to cover the various tools that are used in incident response. These are tools that you as the administrator, first responder, incident investigator, or security consultant are going to use to collect information from systems. This chapter is going to cover just tools. Techniques, methodologies, and analysis of the information you collect will be covered in the following chapters. In this chapter, we'll cover freeware tools, tools native to Windows systems, and Perl scripts used to collect ...
