Windows Forensics: The Field Guide for Corporate Computer Investigations
ISBN: 978-0-470-03862-8
Paperback
408 pages
May 2006
US $39.99
The Corporate Computer Forensic Analyst.
Windows Forensics.
People, Processes, and Tools.
Computer Forensics: Today and Tomorrow.
Additional Resources.
Chapter 2. Processing the Digital Crime Scene.
Identify the Scene.
Perform Remote Research.
Secure the Crime Scene.
Document the Scene.
Process the Scene for Physical Evidence.
Process the Scene for Electronic Evidence.
Chain of Custody.
Best Evidence.
Working with Law Enforcement.
Additional Resources.
Chapter 3. Windows Forensic Basics.
History and Versions.
MS-DOS.
Windows 1.x, 2.x, and 3.x.
Windows NT and 2000.
Windows 95, 98, and ME.
Windows XP and 2003.
Non-Volatile Storage.
Floppy Disks.
Tapes.
CDs and DVDs.
USB Flash Drives.
Hard Disks.
Additional Resources.
Chapter 4. Partitions and File Systems.
Master Boot Record.
Windows File Systems.
FAT.
VFAT.
NTFS.
Compression.
Encryption.
Additional Resources.
Chapter 5. Directory Structure and Special Files.
Windows NT/2000/XP.
Directories.
Files.
Windows 9x.
Directories.
Files.
Additional Resources.
Chapter 6. The Registry.
History.
Registry Basics.
Registry Analysis.
General.
Folder Locations.
Startup Items.
Intelliforms.
Advanced Registry Analysis.
Additional Resources.
Chapter 7. Forensic Analysis.
Chapter 8. Live System Analysis.
Covert Analysis.
System State Analysis.
System Tools.
Storage.
Services and Applications.
Remote Enumeration.
Monitoring.
Keystroke Recording.
Network Monitoring.
Overt Analysis.
GUI-based Overt Analysis.
Local Command Line Analysis.
Remote Command Line Analysis.
Basic Information Gathering.
System State Information.
Running Program Information.
Main Memory Analysis.
Additional Resources.
Chapter 9. Forensic Duplication.
Hard Disk Duplication.
In-Situ Duplication.
Direct Duplication.
Magnetic Tape.
Hard Disks.
Optical Disks.
Multi-tiered Storage.
Log File Duplication.
Additional Resources.
Chapter 10. File System Analysis.
Searching.
Index-based Searching.
Bitwise Searching.
Search Methodology.
Hash Analysis.
Positive Hash Analysis.
Negative Hash Analysis.
File Recovery.
Special Files.
Print Spool Files.
Windows Shortcuts.
Paging File.
Additional Resources.
Chapter 11. Log File Analysis.
Event Logs.
Application Log.
System Log.
Security Log.
Successful Log-on/Log-off Events.
Failed Log-on Event.
Change of Policy.
Successful or Failed Object Access.
Account Change.
Log Clearing.
Internet Logs.
HTTP Logs.
FTP Logs.
SMTP Logs.
Additional Resources.
Chapter 12. Internet Usage Analysis.
Web Activity.
Internet Explorer.
Favorites.
History.
Cache.
Cookies.
Firefox.
Favorites.
History.
Cache.
Cookies.
Passwords.
Downloads.
Toolbar History.
Network, Proxy, and DNS History.
Peer-to-Peer Networking.
Gnutella Clients.
Bearshare.
Downloading.
Sharing.
Other Information.
Limewire.
Downloading.
Sharing.
FastTrack Clients.
Overnet, eMule, and eDonkey2000 Clients.
Downloading.
Sharing.
Instant Messaging.
AOL Instant Messenger.
Microsoft Messenger.
Additional Resources.
Chapter 13. Email Investigations.
Outlook/Outlook Express.
Outlook Express.
Acquisition.
Analysis.
Outlook.
Acquisition.
Access Control.
Analysis.
Lotus Notes.
Acquisition.
Access Control and Logging.
Analysis.
Address Book.
Additional Resources.
Appendix A. Sample Chain of Custody Form.
Appendix B. Master Boot Record Layout.
Appendix C. Partition Types.
Appendix D. FAT32 Boot Sector Layout.
Appendix E. NTFS Boot Sector Layout.
Appendix F. NTFS Metafiles.
Appendix G. Well-Known SIDs.
Index.

