Windows forensics : understand analysis techniques for your Windows / Dr. Chuck Easttom, Dr. William Butler, Jessica Phelan, Ramya Sai Bhagavatula, Sean Steuber, Karely Rodriguez, Victoria Indy Balkissoon, Zehra Naseer.

Author/creator Easttom, Chuck, author.
Format Book
Publication Info [Place of publication not identified] : APRESS, 2024.
Publication New York, NY : Apress, [2024]
Description 484 pages

Other author/creator Butler, William (Computer writer), author.
Other author/creator Phelan, Jessica, author.
Other author/creator Bhagavatula, Ramya Sai, author.
Other author/creator Steuber, Sean, author.
Other author/creator Rodriguez, Karely, author.
Other author/creator Indy Balkissoon, Victoria, author.
Other author/creator Naseer, Zehra, author.
Portion of title WINDOWS FORENSICS : understand analysis techniques for your windows.
Contents Intro -- Table of Contents -- About the Authors -- About the Technical Reviewer -- Acknowledgments -- Introduction -- Chapter 1: Introduction to Windows -- Introduction -- What Is an Operating System? -- History of Windows -- The File System -- Windows Details -- Windows Timestamps -- Windows Active Directory -- DLLs and Services -- Swap File and Hyberfil.sys -- Windows Logs -- Windows Log Entries -- Windows Command Line -- Windows Defender -- Windows Control Panel -- Windows Recovery -- System and Security -- Hardware and Sound -- Certmgr -- Windows Boot Sequence -- Warm and Cold Booting
Contents POST -- BitLocker -- Conclusions -- Test Your Knowledge -- Chapter 2: Forensics Concepts -- Why Windows Forensics? -- Windows Forensics vs. Computer Forensics -- Scope of Windows Forensics -- Relevant Laws -- Relevant Standards -- European Union -- FBI Forensics Guidelines -- Windows Forensics Process -- The Scientific Method -- Writing a Digital Forensics Report -- Important Criteria -- General Structure -- Testifying As an Expert Witness -- Forensic Quality -- Conclusions -- References -- Test Your Knowledge -- Chapter 3: Creating Forensic Images Using OSForensics, FTK Imager, and Autopsy.
Contents Key Concepts -- Terminology: Distinguishing Between Disk Images and Forensic Images -- Logical vs. Physical Drives -- Hashing Algorithms: SHA-256 As Digital Fingerprints -- Best Practices for Admissibility in Court -- NIST Standards -- Creating Forensic Images with OSForensics -- Why OSForensics? -- Installing OSForensics -- Step-by-Step Guide to Image a Drive Using OSForensics -- Creating Forensic Images with FTK Imager -- Why FTK Imager? -- Installing FTK Imager -- Step-by-Step Guide to Imaging a Drive Using FTK Imager -- Mounting a Drive -- Step-by-Step Guide to Mounting a Drive.
Contents Using Autopsy -- Understanding the Contents of a Forensic Image Through Deeper Analysis -- Recovering Deleted Files -- Searching for Deleted Files -- File Carving -- Viewing Contents of the Deleted Files -- Autopsy and Deleted Files -- Uncovering User Activity -- Scanning User Activity -- Autopsy User Activity -- Conclusion -- References -- Test Your Knowledge -- Chapter 4: Windows File Artifacts -- Why Study Windows Artifacts? -- What Are Windows Artifacts? -- Deleted Files -- Individual Files -- .LNK Files -- Log Files -- Recycle Bin -- I30 File -- USN Journal.
Contents Standard_Information vs. File_Name -- Autorun Commands -- Browser Artifacts -- Stored Credentials -- Cloud Storage -- Less Common Artifacts -- Windows Error Reporting (WER) Forensics -- RDP Cache Forensics -- Windows Timeline -- Browser Extensions -- Conclusions -- References -- Test Your Knowledge -- Chapter 5: Windows Registry Forensics Part 1 -- Introduction -- Registry Overview -- Specific Registry Keys -- General Information -- USB Information -- MRU -- ShellBags -- User Assist -- Prefetch -- Mounted Devices -- AutoStart Programs -- Tools -- OSForensics -- ShellBags Explorer.
Abstract This book is your comprehensive guide to Windows forensics. It covers the process of conducting a forensic investigation of systems that run on Windows operating systems. It also includes analysis of incident response, recovery, and auditing of equipment used in executing any criminal activity. The book covers the Windows registry, architecture, and systems as well as forensic techniques, along with coverage of how to write reports, legal standards, and how to testify. It starts with an introduction to Windows, followed by forensic concepts and methods of creating forensic images. You will learn Windows file artefacts along with Windows Registry and Windows memory forensics, and you will learn to work with PowerShell scripting for forensic applications and Windows email forensics. Microsoft Azure and cloud forensics are discussed, and you will learn how to extract evidence from the cloud. By the end of the book you will know data-hiding techniques in Windows and learn about Volatility and a Windows Registry cheat sheet.
What Will You Learn
- Understand Windows architecture
- Recover deleted files from Windows and the Recycle Bin
- Use Volatility and PassMark Volatility Workbench
- Utilize Windows PowerShell scripting for forensic applications
Who This Book Is For
Windows administrators, forensics practitioners, and those wanting to enter the field of digital forensics.
General note Includes index.
General note Registry Explorer
ISBN 9798868801921 (paperback)

Availability

Library: Joyner
Location: General Stacks
Call Number: QA76.76 .M52 E37 2024
Status: Available