Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Practical Windows Forensics
  • Table Of Contents Toc
Practical Windows Forensics

Practical Windows Forensics

5 (6)
Buy this Book
close
close
Practical Windows Forensics

Practical Windows Forensics

5 (6)
Buy this Book

Overview of this book

Over the last few years, the wave of the cybercrime has risen rapidly. We have witnessed many major attacks on the governmental, military, financial, and media sectors. Tracking all these attacks and crimes requires a deep understanding of operating system operations, how to extract evident data from digital evidence, and the best usage of the digital forensic tools and techniques. Regardless of your level of experience in the field of information security in general, this book will fully introduce you to digital forensics. It will provide you with the knowledge needed to assemble different types of evidence effectively, and walk you through the various stages of the analysis process. We start by discussing the principles of the digital forensics process and move on to show you the approaches that are used to conduct analysis. We will then study various tools to perform live analysis, and go through different techniques to analyze volatile and non-volatile data.
Table of Contents (15 chapters)
close
close
close
Preface
Icon
Preface
Icon
What this book covers
Icon
What you need for this book
Icon
Who this book is for
Icon
Conventions
Icon
Reader feedback
Icon
Customer support
Lock Free Chapter
1
1. The Foundations and Principles of Digital Forensics
chevron up
Icon
1. The Foundations and Principles of Digital Forensics
Icon
What is digital crime?
Icon
Digital forensics
Icon
Digital evidence
Icon
Digital forensic goals
Icon
Analysis approaches
Icon
Summary
2
2. Incident Response and Live Analysis
Icon
2. Incident Response and Live Analysis
Icon
Personal skills
Icon
Security fundamentals
Icon
The hardware for IR and Jump Bag
Icon
Remote live response
Icon
Summary
3
3. Volatile Data Collection
Icon
3. Volatile Data Collection
Icon
Memory acquisition
Icon
Network-based data collection
Icon
Summary
4
4. Nonvolatile Data Acquisition
Icon
4. Nonvolatile Data Acquisition
Icon
Forensic image
Icon
Incident Response CDs
Icon
Live imaging of a hard drive
Icon
Linux for the imaging of a hard drive
Icon
Virtualization in data acquisition
Icon
Evidence integrity (the hash function)
Icon
Disk wiping in Linux
Icon
Summary
5
5. Timeline
Icon
5. Timeline
Icon
Timeline introduction
Icon
The Sleuth Kit
Icon
Super timeline – Plaso
Icon
Plaso architecture
Icon
Plaso in practice
Icon
Summary
6
6. Filesystem Analysis and Data Recovery
Icon
6. Filesystem Analysis and Data Recovery
Icon
Hard drive structure
Icon
The FAT filesystem
Icon
The NTFS filesystem
Icon
The Sleuth Kit (TSK)
Icon
Autopsy
Icon
Foremost
Icon
Summary
7
7. Registry Analysis
Icon
7. Registry Analysis
Icon
The registry structure
Icon
Backing up the registry files
Icon
Extracting registry hives
Icon
Parsing registry files
Icon
Auto-run keys
Icon
Registry analysis
Icon
Summary
8
8. Event Log Analysis
Icon
8. Event Log Analysis
Icon
Event Logs - an introduction
Icon
Event Logs system
Icon
Extracting Event Logs
Icon
Summary
9
9. Windows Files
Icon
9. Windows Files
Icon
Windows prefetch files
Icon
Windows tasks
Icon
Windows Thumbs DB
Icon
Windows RecycleBin
Icon
Windows shortcut files
Icon
Summary
10
10. Browser and E-mail Investigation
Icon
10. Browser and E-mail Investigation
Icon
Browser investigation
Icon
Microsoft Internet Explorer
Icon
Firefox
Icon
Other browsers
Icon
E-mail investigation
Icon
Summary
11
11. Memory Forensics
Icon
11. Memory Forensics
Icon
Memory structure
Icon
Memory acquisition
Icon
The sources of memory dump
Icon
Processes in memory
Icon
Network connections in memory
Icon
The DLL injection
Icon
API hooking
Icon
Memory analysis
Icon
Summary
12
12. Network Forensics
Icon
12. Network Forensics
Icon
Network data collection
Icon
Exploring logs
Icon
Using tcpdump
Icon
Using tshark
Icon
Using WireShark
Icon
Knowing Bro
Icon
Summary
13
appA. Building a Forensic Analysis Environment
Icon
appA. Building a Forensic Analysis Environment
Icon
Factors that need to be considered
14
appB. Case Study
Icon
Introduction
Icon
Scenario
Icon
Acquisition
Icon
Live analysis
Icon
Prefetch files
Icon
Browser analysis
Icon
Postmortem analysis
Icon
Summary

Digital forensic goals

The main object in the digital forensic analysis is the digital device related to the security incident under investigation. The digital device was either used to commit a crime, to target an attack, or is a source of information for the analyst. The goals of the analysis phase in the digital forensics process differ from one case to another. It can be used to support or refute assumptions against individuals or entities, or it can be used to investigate information security incidents locally on the system or over a network.

Consider analyzing a compromised system, the goals of the digital forensics, as a whole, are to answer these questions:

  • What happened to the system under analysis?
  • How was it compromised?

During the analysis too, the analyst could answer some other questions based on their findings, such as the following:

  • Who is the attacker? This asks whether the analyst could find the attacker IP and/or an IP of the command and control server or in some cases the attacker profile.
  • When did it happen? This asks whether the analyst could ascertain the time of the infection or compromise.
  • Where did it happen? This asks whether the analyst could identify the compromised systems in the network and the possibility of other victims.
  • Why did it happen? This is based on the attacker's activities in the hacked system, the analyst can form an idea of the attacker's motivation, either financial, espionage, or other.
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Practical Windows Forensics
End of Section 1
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon