Mastering Windows Network Forensics and Investigation. 2nd Edition

  • ID: 2253522
  • Book
  • June 2012
  • 696 Pages
  • John Wiley and Sons Ltd
Learn How to Conduct a Complete Computer Forensic Investigation

This professional guide teaches law enforcement personnel, prosecutors, and corporate investigators how to investigate crimes involving Windows computers and Windows networks. A top team of forensic experts details how and why Windows networks are targeted, shows you how to analyze computers and computer logs, explains chain of custody, and covers such tricky topics as how to gather accurate testimony from employees in politically charged corporate settings.

From recognizing high-tech criminal activity to presenting evidence in a way that juries and judges understand, this book thoroughly covers the range of skills, standards, and step-by-step procedures you need to conduct a criminal investigation in a Windows environment and make your evidence stand up in court.

Coverage includes:

  • Responding to a reported computer intrusion
  • Understanding how attackers exploit Windows networks
  • Deciphering Windows ports, services, file systems, and the registry
  • Examining suspects' computers and entire networks
  • Analyzing event logs and data using live analysis techniques
  • Exploring new complexities from cloud computing and virtualization

Investigate Computer Crimes in Windows Environments

Fully Updated for Windows Server 2008 and Windows 7

Discover How to Locate and Analyze an Attacker's Tools

Learn Detailed Windows Event Log Analysis

Note: Product cover images may vary from those shown
Introduction

Part 1 Understanding and Exploiting Windows Networks

Chapter 1 Network Investigation Overview

Chapter 2 The Microsoft Network Structure

Chapter 3 Beyond the Windows GUI

Chapter 4 Windows Password Issues

Chapter 5 Windows Ports and Services

Part 2 Analyzing the Computer

Chapter 6 Live-Analysis Techniques

Chapter 7 Windows Filesystems

Chapter 8 The Registry Structure

Chapter 9 Registry Evidence

Chapter 10 Introduction to Malware

Part 3 Analyzing the Logs

Chapter 11 Text-Based Logs

Chapter 12 Windows Event Logs

Chapter 13 Logon and Account Logon Events

Chapter 14 Other Audit Events

Chapter 15 Forensic Analysis of Event Logs

Part 4 Results, the Cloud, and Virtualization

Chapter 16 Presenting the Results

Chapter 17 The Challenges of Cloud Computing and Virtualization

Part 5 Appendices

Appendix A The Bottom Line

Appendix B Test Environments

Index

Steven Anson
Steve Bunting
Ryan Johnson
Scott Pearson