Windows Forensic Analysis Including DVD Toolkit


List Price: $59.95
Our Price: $48.48
You Save: $11.47 (19%)


Average Customer Rating: 5.0/5
Manufacturer: Syngress



Binding: Paperback
Dewey Decimal Number: 363.250968
EAN: 9781597491563
ISBN: 159749156X
Label: Syngress
Number Of Items: 1
Number Of Pages: 416
Publication Date: 2007-04-24
Publisher: Syngress
Studio: Syngress

Spotlight customer reviews:

Customer Rating: 5/5
Summary: An excellent book for the IR practitioner
Comment: I purchased this book a few days ago, and as soon as I read the first chapter, I realized that I needed to read the entire book as quickly as possible. This is a wonderful book, and parts of it truly invoked a state of "nerdvana" in me!

PROs:

First, I will say that the information in this book is tightly packed. There is no unnecessary verbiage, and the writing is direct, to the point and understandable. There is a high ratio of technical content to noise, and this greatly contributed to my enjoyment of the book. Even in the technical areas that I was already familiar with, I found the summary of the information to be precise, accurate and helpful. I can see keeping the book around as a reference guide for years to come. The general structure of the book, for example the sections in grey boxes with the [!] annotation, works well, and the end-of-chapter summary and review (particularly the Q&A) are good.

There were several sections, ones that I was personally weak in to start with, that I found particularly helpful, such as the sections on analyzing packed or compressed executables and malware. I had just never gotten around to reading the whitepapers on these, and I'm glad I didn't as those chapters of the book summarized in a few pages what would have taken many more to pick up by reading other original sources. I personally thought that the chapter-to-chapter flow of the narrative was fine for anyone who does incident response on a regular basis.

Through the years, Harlan Carvey has developed and made available his tools in an open (Perl) format with no need for compensation. The tools on the DVD alone are worth the money of the book, and are a great addition to any IR toolkit. The references to third-party tools, many of which I hadn't heard of, were also particularly helpful.

CONs:

If you are not very technical, or not very familiar with the Windows operating system, you may be overwhelmed by the level of technical detail. If you are an experienced administrator, however, you should be able to adapt what you know about other operating systems (e.g. file structures, process execution, etc.) fairly easily. There were a few typographical errors in the book that didn't detract from its readability or technical accuracy.

All in all, an excellent book, and a must-have for ANY Windows incident responder.

Customer Rating: 5/5
Summary: Invaluable in a case
Comment: Harlan Carvey's book, Windows Forensic Analysis, is an invaluable resource in any computer forensic examination of a Windows-based computer. In real-life experience, I had a case where I had to determine file use by a former employee. The company never took the computer out of service and continued to use the machine after the employee left the company. By using the information in Windows Forensic Analysis on system restore points and MRU registry entries, I was able to determine not only what files were used but on what days. This book is one of the first I look to when I have questions on examining Windows systems. If you only have one reference book for Windows examinations, this should be the one. A must-have for any computer forensic examiner's library!!

Customer Rating: 5/5
Summary: Taking Windows Analysis to the Next Step...
Comment: Harlan poured his clear love of incident response and of the forensic profession into this book. Windows Forensic Analysis dives into many exceptional topics that are routinely overlooked in similar material. The entire book covers many novel analysis techniques and topics; the registry analysis chapter and the file analysis chapter discuss many detailed artifacts and areas of examination during forensics that, up until this was published, were only discussed deep inside forensic circles or discovered through hard-earned on-the-ground experience. The book's only drawback is that it covers too many topics and the chapters do not flow together as well as I would have hoped. A single chapter is excellent, but in many cases it doesn't lead you to the next one. I also found that the entire book could have been written on just registry forensics. However, in order to create broad appeal, the registry section was probably shortened. You can tell Harlan has a lot more to tell. Finally, the CDROM companion could have had more polish to the file layout, as finding some of the tools is slightly confusing upon initial glance. Even with these minor drawbacks, the information in each chapter is phenomenal. I recommend this book to anyone looking to advance their understanding of the Windows analysis environment.

Customer Rating: 5/5
Summary: A must have for the forensic professional
Comment: Once again Harlan Carvey has provided a resource worth every penny. The chapters detailing registry and memory analysis alone were extremely valuable to me. The accompanying DVD provides countless Perl scripts to assist in the collection and sorting of data.

Customer Rating: 5/5
Summary: Unique and helpful
Comment: This book is essential for understanding how to analyze memory dumps, albeit many forensic investigators will usually turn off a computer instead of getting a memory capture to do a more traditional analysis.

The included scripts are very helpful. This book, unlike many other books in this genre, is designed for the technical professional. Forensic analysis is often like a whodunit mystery, and having some more tools in your toolkit will assist you in thinking outside the box. The registry analysis was thorough and essential for a recent project. The memory dump analysis scripts were helpful in a recent Defcon Capture the Flag Competition. A sample chapter is available online.


Editorial Reviews:

The only book available on the market that addresses and discusses in-depth forensic analysis of Windows systems. Windows Forensic Analysis DVD Toolkit takes the reader to a whole new, undiscovered level of forensic analysis for Windows systems, providing unique information and resources not available anywhere else. This book covers both live and post-mortem response collection and analysis methodologies, addressing material that is applicable to law enforcement, the federal government, students, and consultants. This book also brings this material to the doorstep of system administrators, who are often the front line troops when an incident occurs, but due to staffing and budgets do not have the necessary knowledge to effectively respond. The companion DVD for the book contains significant, unique materials (movies, spreadsheet, code, etc.) not available any place else, as they were created by the author.


Copyright © 2005-2008. WebDevBooks.com, iFroggy Network. All Rights Reserved. Powered by My Amazon Store Manager.