Home Certification IT Administration Architecture & Design
3D Animation & CGI Internet Marketing
Print this page Share

Mastering Windows Network Forensics and Investigation

ISBN: 978-0-470-09762-5
552 pages
April 2007
Mastering Windows Network Forensics and Investigation (0470097620) cover image


This comprehensive guide provides you with the training you need to arm yourself against phishing, bank fraud, unlawful hacking, and other computer crimes. Two seasoned law enforcement professionals discuss everything from recognizing high-tech criminal activity and collecting evidence to presenting it in a way that judges and juries can understand. They cover the range of skills, standards, and step-by-step procedures you’ll need to conduct a criminal investigation in a Windows environment and make your evidence stand up in court.
See More

Table of Contents


Part 1: Understanding and Exploiting Windows Networks.

Chapter 1: Network Investigation Overview.

Chapter 2: The Microsoft Network Structure.

Chapter 3: Beyond the Windows GUI.

Chapter 4: Windows Password Issues.

Chapter 5: Windows Ports and Services.

Part 2: Analyzing the Computer.

Chapter 6: Live-Analysis Techniques.

Chapter 7: Windows File Systems.

Chapter 8: The Registry Structure.

Chapter 9: Registry Evidence.

Chapter 10: Tool Analysis.

Part 3: Analyzing the Logs.

Chapter 11: Text-Based Logs.

Chapter 12: Windows Event Logs.

Chapter 13: Logon and Account Logon Events.

Chapter 14: Other Audit Events.

Chapter 15: Forensic Analysis of Event Logs.

Chapter 16: Presenting the Results.

Appendix A: The Bottom Line.


See More

Author Information

Steve Anson , CISSP, MCSE, is a special agent with the Pentagon’s Defense Criminal Investigative Service. He has a master’s degree in computer science as well as numerous industry certifications. As a former contract instructor for the FBI, he has taught hundreds of veteran federal agents, state and local police officers, and intelligence agency employees techniques for conducting computerintrusion investigations. He also founded and supervised a local police department computer crime and information services unit and served as a task force agent for the FBI. He has conducted investigations involving large-scale computer intrusions, counterterrorism, crimes against children, and many other offenses involving the substantive use of computers.

Steve Bunting is a captain with the University of Delaware Police Department, where he is responsible for computer forensics, video forensics, and investigations involving computers. He has more than thirty years experience in law enforcement, and his background in computer forensics is extensive. He is a Certified Computer Forensics Technician (CCFT) and an EnCase Certified Examiner (EnCE). He was the recipient of the 2002 Guidance Software Certified Examiner Award of Excellence. He has a bachelor’s degree in applied professions/business management from Wilmington College and a computer applications certificate in network environments from the University of Delaware. He has conducted computer forensic examinations for numerous local, state, and federal agencies on a variety of cases, including extortion, homicide, embezzlement, child exploitation, intellectual property theft, and unlawful intrusions into computer systems. He has testified in court on numerous occasions as a computer forensics expert. He has taught computer forensics for Guidance Software, makers of EnCase, and taught as a lead instructor at all course levels. He has been a presenter at several seminars and workshops, is the author of numerous white papers, and is the primary author of the book EnCase Computer Forensics: The Official EnCE: EnCase Certified Examiner Study Guide , which was published by Sybex in early 2006. You can reach him at

See More

New to This Edition

  • A focus on investigating criminal activity and not simply inappropriate use of company networks and systems
  • Guidance that enables students to present this technically complicated material in simple terms with language and analogies that prosecutors, judges, and juries can readily understand.
  • Coverage of the emerging field of "live forensics," where investigators examine a computer, server, or network while it is still running to obtain evidence. (The standard practice has been to perform investigations on unplugged machines or data files that have been seized and taken back to the lab. However, once the machine is unplugged, valuable evidence may be lost.)
See More


Download TitleSizeDownload
Files to Support the Chapter 16 Electronic Reports 534.91 KB Click to Download
See More
Instructors Resources
Wiley Instructor Companion Site
See More
See Less

Related Titles

Learn more about