Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Practical Windows Forensics
  • Table Of Contents Toc
  • Feedback & Rating feedback
Practical Windows Forensics

Practical Windows Forensics

5 (6)
Buy this Book
close
close
Practical Windows Forensics

Practical Windows Forensics

5 (6)
Buy this Book

Overview of this book

Over the last few years, the wave of the cybercrime has risen rapidly. We have witnessed many major attacks on the governmental, military, financial, and media sectors. Tracking all these attacks and crimes requires a deep understanding of operating system operations, how to extract evident data from digital evidence, and the best usage of the digital forensic tools and techniques. Regardless of your level of experience in the field of information security in general, this book will fully introduce you to digital forensics. It will provide you with the knowledge needed to assemble different types of evidence effectively, and walk you through the various stages of the analysis process. We start by discussing the principles of the digital forensics process and move on to show you the approaches that are used to conduct analysis. We will then study various tools to perform live analysis, and go through different techniques to analyze volatile and non-volatile data.
Table of Contents (15 chapters)
close
close
close
Preface
Icon
Preface
Icon
What this book covers
Icon
What you need for this book
Icon
Who this book is for
Icon
Conventions
Icon
Reader feedback
Icon
Customer support
Lock Free Chapter
1
1. The Foundations and Principles of Digital Forensics
chevron up
Icon
1. The Foundations and Principles of Digital Forensics
Icon
What is digital crime?
Icon
Digital forensics
Icon
Digital evidence
Icon
Digital forensic goals
Icon
Analysis approaches
Icon
Summary
2
2. Incident Response and Live Analysis
Icon
2. Incident Response and Live Analysis
Icon
Personal skills
Icon
Security fundamentals
Icon
The hardware for IR and Jump Bag
Icon
Remote live response
Icon
Summary
3
3. Volatile Data Collection
Icon
3. Volatile Data Collection
Icon
Memory acquisition
Icon
Network-based data collection
Icon
Summary
4
4. Nonvolatile Data Acquisition
Icon
4. Nonvolatile Data Acquisition
Icon
Forensic image
Icon
Incident Response CDs
Icon
Live imaging of a hard drive
Icon
Linux for the imaging of a hard drive
Icon
Virtualization in data acquisition
Icon
Evidence integrity (the hash function)
Icon
Disk wiping in Linux
Icon
Summary
5
5. Timeline
Icon
5. Timeline
Icon
Timeline introduction
Icon
The Sleuth Kit
Icon
Super timeline – Plaso
Icon
Plaso architecture
Icon
Plaso in practice
Icon
Summary
6
6. Filesystem Analysis and Data Recovery
Icon
6. Filesystem Analysis and Data Recovery
Icon
Hard drive structure
Icon
The FAT filesystem
Icon
The NTFS filesystem
Icon
The Sleuth Kit (TSK)
Icon
Autopsy
Icon
Foremost
Icon
Summary
7
7. Registry Analysis
Icon
7. Registry Analysis
Icon
The registry structure
Icon
Backing up the registry files
Icon
Extracting registry hives
Icon
Parsing registry files
Icon
Auto-run keys
Icon
Registry analysis
Icon
Summary
8
8. Event Log Analysis
Icon
8. Event Log Analysis
Icon
Event Logs - an introduction
Icon
Event Logs system
Icon
Extracting Event Logs
Icon
Summary
9
9. Windows Files
Icon
9. Windows Files
Icon
Windows prefetch files
Icon
Windows tasks
Icon
Windows Thumbs DB
Icon
Windows RecycleBin
Icon
Windows shortcut files
Icon
Summary
10
10. Browser and E-mail Investigation
Icon
10. Browser and E-mail Investigation
Icon
Browser investigation
Icon
Microsoft Internet Explorer
Icon
Firefox
Icon
Other browsers
Icon
E-mail investigation
Icon
Summary
11
11. Memory Forensics
Icon
11. Memory Forensics
Icon
Memory structure
Icon
Memory acquisition
Icon
The sources of memory dump
Icon
Processes in memory
Icon
Network connections in memory
Icon
The DLL injection
Icon
API hooking
Icon
Memory analysis
Icon
Summary
12
12. Network Forensics
Icon
12. Network Forensics
Icon
Network data collection
Icon
Exploring logs
Icon
Using tcpdump
Icon
Using tshark
Icon
Using WireShark
Icon
Knowing Bro
Icon
Summary
13
appA. Building a Forensic Analysis Environment
Icon
appA. Building a Forensic Analysis Environment
Icon
Factors that need to be considered
14
appB. Case Study
Icon
Introduction
Icon
Scenario
Icon
Acquisition
Icon
Live analysis
Icon
Prefetch files
Icon
Browser analysis
Icon
Postmortem analysis
Icon
Summary

What is digital crime?

Let's suppose that a criminal breaks into a bank to steal the money in the safe, and in another case an attacker somehow hacked into the bank's private network and transferred money to his account. Both of these are targeting the monetary assets of the company.

In the first case, if an investigator needs to track a criminal, they would apply their investigation skills to the crime scene. They would track the attacker's fingerprints and activities to finally get a clear idea about what happened and identify the criminal. In the second scenario, the investigator needs to track the criminal's digital traces on the local system, the network, and even through the Internet in order to understand the criminal's activities, and this may uncover their digital identity.

In an ordinary crime, the investigator needs to find the crime's motivation and target. In cybercrime, the investigator needs to know the malicious code—the weapon—that the attacker used in conducting their crime, the vulnerability exploited to compromise the digital system, and the size of the damage. In the same way, we can apply the same investigation mechanisms to digital crime after taking into consideration the different nature of assets and attacks.

There are various targets of digital crime. These start from harassment to stealing credit cards and money online, to espionage between countries or big companies; as we recently saw there were some famous and aggressive malware programs and attacks that were thought to be developed with nation-level support against other nations, targeting some infrastructure or sensitive information. Also, these attacks that were targeted at some famous companies in different fields led to information and data leakage.

For these reasons, investing in securing the assets in their digital form has gained great importance in the last decade in both governmental and private sectors. One branch of the information security process is digital forensics.

Visually different images
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Practical Windows Forensics
End of Section 1
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon