Windows Forensic Analysis Including DVD Toolkit by Harlan Carvey and Dave Kleiman

Windows Forensic Analysis Including DVD Toolkit

Features

Cover Type: Paperback with 416 pages

Published by: Syngress; Pap/DVD edition April 24, 2007

Written in: English

ISBN 10 Number: 159749156X

ISBN 13 Number: 978-1597491563

Book Dimensions: 8.9 x 7 x 1.1 inches

Weighs: 1.4 pounds

Book Description
If you want to know the secrets to incident response and investigating cyber crime on Windows systems, this is THE book and DVD package!

Product Description
The only book available on the market that addresses and discusses in-depth forensic analysis of Windows systems. Windows Forensic Analysis DVD Toolkit takes the reader to a whole new, undiscovered level of forensic analysis for Windows systems, providing unique information and resources not available anywhere else. This book covers both live and post-mortem response collection and analysis methodologies, addressing material that is applicable to law enforcement, the federal government, students, and consultants. This book also brings this material to the doorstep of system administrators, who are often the front line troops when an incident occurs, but due to staffing and budgets do not have the necessary knowledge to effectively respond. The companion DVD for the book contains significant, unique materials (movies, spreadsheet, code, etc.) not available any place else, as they were created by the author.

Reader Reviews
I loved Windows Forensic Analysis (WFA). It's the first five star book from Syngress I've read since early 2006. WFA delivered just what I hoped to read in a book of its size and intended audience, and my expectations were high. If your job requires investigating compromised Windows hosts, you must read WFA. Let me name three aspects of WFA that really sold me. First, the subject matter is exactly what I wanted to read. The book does not repeat basic or fundamental material you can (and should) read elsewhere, like working "crime scenes," hard drive image acquisition, and the like. I recommend the recent book Windows Forensics by Chad Steel (4 stars) as a great first book to read before WFA. The two are sufficiently different yet complementary to warrant reading both, in fact. In addition to not repeating material, WFA covers very recent (late 2006, early 2007) activity in Windows forensics that are not addressed by other books. The chapter on Windows memory analysis (ch 3) was even better than the Registry chapter that everyone likes. WFA cites plenty of outside sources in a way that doesn't confuse the reader and enriches the learning process. Second, WFA introduces a vast number of tools to help investigators implement the concepts author Harlan Carvey explains. Many of the tools are Harlan's own work and are included on the book's DVD. The DVD even contains movies showing how to use some of the tools, like Harlan's Forensic Server Project. Many tools that were new to me appear in the book, but well-known commercial suites like EnCase do not. This is great; if you want to know EnCase, read the (3 star) book on it I reviewed last year. I intend to integrate many of these tools into my own CIRT's response processes. Third, Harlan brings a lot of experience to WFA. He cites plenty of examples and niche topics that I haven't seen elsewhere. I had never heard of using multiple OLE streams to hide entire Word files in Excel spreadsheets and vice-versa. Better yet, Harlan describes how to find these techniques, along with other issues like alternate data streams. Many times multiple ways to approach a problem appear in WFA. Furthermore, Harlan continuously emphasizes implementing repeatable, automated processes to improve the accuracy and scalability of forensic investigations. There really is no excuse to not read WFA. I think it would be interesting to try some of Harlan's tools and techniques on the images and evidence collected by myself and my Real Digital Forensics co-authors Keith Jones and Curtis Rose. Bravo to Harlan for writing WFA. Comment | | (Report this)

List Price: $59.95
Available from Amazon
Price: $53.96
Updated on 6-4-2008.