Atnaujinkite slapukų nuostatas

El. knyga: Mastering Windows Network Forensics and Investigation

4.29/5 (26 ratings by Goodreads)
, , ,
  • Formatas: PDF+DRM
  • Išleidimo metai: 30-May-2012
  • Leidėjas: Sybex Inc.,U.S.
  • Kalba: eng
  • ISBN-13: 9781118226148
Kitos knygos pagal šią temą:
Mastering Windows Network Forensics and InvestigationDidesnis paveikslėlis
  • Formatas: PDF+DRM
  • Išleidimo metai: 30-May-2012
  • Leidėjas: Sybex Inc.,U.S.
  • Kalba: eng
  • ISBN-13: 9781118226148
Kitos knygos pagal šią temą:

DRM apribojimai

  • Kopijuoti:

    neleidžiama

  • Spausdinti:

    neleidžiama

  • El. knygos naudojimas:

    Skaitmeninių teisių valdymas (DRM)
    Leidykla pateikė šią knygą šifruota forma, o tai reiškia, kad norint ją atrakinti ir perskaityti reikia įdiegti nemokamą programinę įrangą. Norint skaityti šią el. knygą, turite susikurti Adobe ID . Daugiau informacijos  čia. El. knygą galima atsisiųsti į 6 įrenginius (vienas vartotojas su tuo pačiu Adobe ID).

    Reikalinga programinė įranga
    Norint skaityti šią el. knygą mobiliajame įrenginyje (telefone ar planšetiniame kompiuteryje), turite įdiegti šią nemokamą programėlę: PocketBook Reader (iOS / Android)

    Norint skaityti šią el. knygą asmeniniame arba „Mac“ kompiuteryje, Jums reikalinga  Adobe Digital Editions “ (tai nemokama programa, specialiai sukurta el. knygoms. Tai nėra tas pats, kas „Adobe Reader“, kurią tikriausiai jau turite savo kompiuteryje.)

    Negalite skaityti šios el. knygos naudodami „Amazon Kindle“.

Provides information on how to investigate crimes involving Windows environments, covering such topics as registry structure, malware, logs, and cloud computing.

An authoritative guide to investigating high-technology crimes

Internet crime is seemingly ever on the rise, making the need for a comprehensive resource on how to investigate these crimes even more dire. This professional-level book--aimed at law enforcement personnel, prosecutors, and corporate investigators--provides you with the training you need in order to acquire the sophisticated skills and software solutions to stay one step ahead of computer criminals.

  • Specifies the techniques needed to investigate, analyze, and document a criminal act on a Windows computer or network
  • Places a special emphasis on how to thoroughly investigate criminal activity and now just perform the initial response
  • Walks you through ways to present technically complicated material in simple terms that will hold up in court
  • Features content fully updated for Windows Server 2008 R2 and Windows 7
  • Covers the emerging field of Windows Mobile forensics

Also included is a classroom support package to ensure academic adoption, Mastering Windows Network Forensics and Investigation, 2nd Edition offers help for investigating high-technology crimes.

Introduction xvii
Part 1 Understanding and Exploiting Windows Networks
1(156)
Chapter 1 Network Investigation Overview
3(22)
Performing the Initial Vetting
3(2)
Meeting with the Victim Organization
5(7)
Understanding the Victim Network Information
6(2)
Understanding the Incident
8(1)
Identifying and Preserving Evidence
9(2)
Establishing Expectations and Responsibilities
11(1)
Collecting the Evidence
12(3)
Analyzing the Evidence
15(3)
Analyzing the Suspect's Computers
18(3)
Recognizing the Investigative Challenges of Microsoft Networks
21(1)
The Bottom Line
22(3)
Chapter 2 The Microsoft Network Structure
25(38)
Connecting Computers
25(2)
Windows Domains
27(8)
Interconnecting Domains
29(5)
Organizational Units
34(1)
Users and Groups
35(9)
Types of Accounts
36(4)
Groups
40(4)
Permissions
44(8)
File Permissions
45(3)
Share Permissions
48(2)
Reconciling Share and File Permissions
50(2)
Example Hack
52(9)
The Bottom Line
61(2)
Chapter 3 Beyond the Windows GUI
63(22)
Understanding Programs, Processes, and Threads
64(3)
Redirecting Process Flow
67(11)
DLL Injection
70(4)
Hooking
74(4)
Maintaining Order Using Privilege Modes
78(2)
Using Rootkits
80(3)
The Bottom Line
83(2)
Chapter 4 Windows Password Issues
85(52)
Understanding Windows Password Storage
85(3)
Cracking Windows Passwords Stored on Running Systems
88(10)
Exploring Windows Authentication Mechanisms
98(13)
LanMan Authentication
99(4)
NTLM Authentication
103(5)
Kerberos Authentication
108(3)
Sniffing and Cracking Windows Authentication Exchanges
111(10)
Using ScoopLM and BeatLM to Crack Passwords
114(7)
Cracking Offline Passwords
121(13)
Using Cain & Abel to Extract Windows Password Hashes
122(4)
Accessing Passwords through the Windows Password Verifier
126(1)
Extracting Password Hashes from RAM
127(1)
Stealing Credentials from a Running System
128(6)
The Bottom Line
134(3)
Chapter 5 Windows Ports and Services
137(20)
Understanding Ports
137(5)
Using Ports as Evidence
142(7)
Understanding Windows Services
149(6)
The Bottom Line
155(2)
Part 2 Analyzing the Computer
157(192)
Chapter 6 Live-Analysis Techniques
159(20)
Finding Evidence in Memory
159(2)
Creating a Windows Live-Analysis Toolkit
161(12)
Using Dumpit to Acquire RAM from a 64-Bit Windows 7 System
164(2)
Using WinEn to Acquire RAM from a Windows 7 Environment
166(1)
Using FTK Imager Lite to Acquire RAM from Windows Server 2008
167(2)
Using Volatility 2.0 to Analyze a Windows 7 32-Bit RAM Image
169(4)
Monitoring Communication with the Victim Box
173(3)
Scanning the Victim System
176(2)
The Bottom Line
178(1)
Chapter 7 Windows Filesystems
179(36)
Filesystems vs. Operating Systems
179(4)
Understanding FAT Filesystems
183(15)
Understanding NTFS Filesystems
198(10)
Using NTFS Data Structures
198(7)
Creating, Deleting, and Recovering Data in NTFS
205(3)
Dealing with Alternate Data Streams
208(4)
The exFAT Filesystem
212(1)
The Bottom Line
213(2)
Chapter 8 The Registry Structure
215(42)
Understanding Registry Concepts
215(13)
Registry History
217(1)
Registry Organization and Terminology
217(11)
Performing Registry Research
228(4)
Viewing the Registry with Forensic Tools
232(2)
Using EnCase to View the Registry
234(12)
Examining Information Manually
234(2)
Using EnScripts to Extract Information
236(10)
Using AccessData's Registry Viewer
246(5)
Other Tools
251(3)
The Bottom Line
254(3)
Chapter 9 Registry Evidence
257(68)
Finding Information in the Software Key
258(9)
Installed Software
258(6)
Last Logon
264(1)
Banners
265(2)
Exploring Windows Security, Action Center, and Firewall Settings
267(9)
Analyzing Restore Point Registry Settings
276(4)
Windows XP Restore Point Content
280(4)
Analyzing Volume Shadow Copies for Registry Settings
284(6)
Exploring Security Identifiers
290(5)
Examining the Recycle Bin
291(2)
Examining the ProfileList Registry Key
293(2)
Investigating User Activity
295(10)
Examining the PSSP and IntelliForms Keys
295(1)
Examining the MRU Key
296(2)
Examining the RecentDocs Key
298(1)
Examining the TypedURLs Key
298(1)
Examining the UserAssist Key
299(6)
Extracting LSA Secrets
305(2)
Using Cain & Abel to Extract LSA Secrets from Your Local Machine
306(1)
Discovering IP Addresses
307(5)
Dynamic IP Addresses
307(2)
Getting More Information from the GUID-Named Interface
309(3)
Compensating for Time Zone Offsets
312(1)
Determining the Startup Locations
313(9)
Exploring the User Profile Areas
316(2)
Exploring Batch Files
318(1)
Exploring Scheduled Tasks
318(2)
Exploring the AppInit_DLL Key
320(1)
Using EnCase and Registry Viewer
320(1)
Using Autoruns to Determine Startups
320(2)
The Bottom Line
322(3)
Chapter 10 Introduction to Malware
325(24)
Understanding the Purpose of Malware Analysis
325(4)
Malware Analysis Tools and Techniques
329(19)
Constructing an Effective Malware Analysis Toolkit
329(2)
Analyzing Malicious Code
331(7)
Monitoring Malicious Code
338(8)
Monitoring Malware Network Traffic
346(2)
The Bottom Line
348(1)
Part 3 Analyzing the Logs
349(188)
Chapter 11 Text-Based Logs
351(30)
Parsing IIS Logs
351(11)
Parsing FTP Logs
362(7)
Parsing DHCP Server Logs
369(4)
Parsing Windows Firewall Logs
373(3)
Using Splunk
376(3)
The Bottom Line
379(2)
Chapter 12 Windows Event Logs
381(38)
Understanding the Event Logs
381(10)
Exploring Auditing Settings
384(7)
Using Event Viewer
391(20)
Opening and Saving Event Logs
403(4)
Viewing Event Log Data
407(4)
Searching with Event Viewer
411(7)
The Bottom Line
418(1)
Chapter 13 Logon and Account Logon Events
419(44)
Begin at the Beginning
419(43)
Comparing Logon and Account Logon Events
420(2)
Analyzing Windows 2003/2008 Logon Events
422(11)
Examining Windows 2003/2008 Account Logon Events
433(29)
The Bottom Line
462(1)
Chapter 14 Other Audit Events
463(42)
The Exploitation of a Network
463(3)
Examining System Log Entries
466(7)
Examining Application Log Entries
473(1)
Evaluating Account Management Events
473(17)
Interpreting File and Other Object Access Events
490(10)
Examining Audit Policy Change Events
500(3)
The Bottom Line
503(2)
Chapter 15 Forensic Analysis of Event Logs
505(32)
Windows Event Log Files Internals
505(19)
Windows Vista/7/2008 Event Logs
505(8)
Windows XP/2003 Event Logs
513(11)
Repairing Windows XP/2003 Corrupted Event Log Databases
524(3)
Finding and Recovering Event Logs from Free Space
527(9)
The Bottom Line
536(1)
Part 4 Results, the Cloud, and Virtualization
537(60)
Chapter 16 Presenting the Results
539(26)
Report Basics
539(3)
Creating a Narrative Report with Hyperlinks
542(8)
Creating Hyperlinks
543(3)
Creating and Linking Bookmarks
546(4)
The Electronic Report Files
550(2)
Creating Timelines
552(8)
CaseMap and TimeMap
552(3)
Splunk
555(5)
Testifying about Technical Matters
560(2)
The Bottom Line
562(3)
Chapter 17 The Challenges of Cloud Computing and Virtualization
565(32)
What Is Virtualization?
566(3)
The Hypervisor
569(2)
Preparing for Incident Response in Virtual Space
571(4)
Forensic Analysis Techniques
575(12)
Dead Host-Based Virtual Environment
576(8)
Live Virtual Environment
584(2)
Artifacts
586(1)
Cloud Computing
587(8)
What Is It?
587(1)
Services
588(1)
Forensic Challenges
589(1)
Forensic Techniques
589(6)
The Bottom Line
595(2)
Part 5 Appendices
597(2)
Appendix A The Bottom Line
599(34)
Chapter 1 Network Investigation Overview
599(2)
Chapter 2 The Microsoft Network Structure
601(1)
Chapter 3 Beyond the Windows GUI
602(2)
Chapter 4 Windows Password Issues
604(2)
Chapter 5 Windows Ports and Services
606(2)
Chapter 6 Live-Analysis Techniques
608(1)
Chapter 7 Windows Filesystems
609(2)
Chapter 8 The Registry Structure
611(2)
Chapter 9 Registry Evidence
613(5)
Chapter 10 Introduction to Malware
618(2)
Chapter 11 Text-based Logs
620(2)
Chapter 12 Windows Event Logs
622(1)
Chapter 13 Logon and Account Logon Events
623(1)
Chapter 14 Other Audit Events
624(2)
Chapter 15 Forensic Analysis of Event Logs
626(2)
Chapter 16 Presenting the Results
628(2)
Chapter 17 The Challenges of Cloud Computing and Virtualization
630(3)
Appendix B Test Environments
633(14)
Software
633(2)
Hardware
635(1)
Setting Up Test Environments in Training Laboratories
636(11)
Chapter 1 Network Investigation Overview
636(1)
Chapter 2 The Microsoft Network Structure
636(1)
Chapter 3 Beyond the Windows GUI
637(1)
Chapter 4 Windows Password Issues
637(2)
Chapter 5 Windows Ports and Services
639(1)
Chapter 6 Live-Analysis Techniques
639(1)
Chapter 7 Windows Filesystems
640(1)
Chapter 8 The Registry Structure
640(2)
Chapter 9 Registry Evidence
642(1)
Chapter 10 Introduction to Malware
643(1)
Chapter 11 Text-Based Logs
643(1)
Chapter 12 Windows Event Logs
644(1)
Chapter 13 Logon and Account Logon Events
644(1)
Chapter 14 Other Audit Events
644(1)
Chapter 15 Forensic Analysis of Event Logs
645(1)
Chapter 16 Presenting the Results
645(1)
Chapter 17 The Challenges of Cloud Computing and Virtualization
645(2)
Index 647
Steve Anson, CISSP, EnCE, is the cofounder of Forward Discovery. He has previously served as a police officer, FBI High Tech Crimes Task Force agent, Special Agent with the U.S. DoD, and an instructor with the U.S. State Department Antiterrorism Assistance Program (ATA). He has trained hundreds of law enforcement officers around the world in techniques of digital forensics and investigation. Steve Bunting, EnCE, CCFT, has over 35 years of experience in law enforcement, and his background in computer forensics is extensive. He has conducted computer forensic examinations for numerous local, state, and federal agencies on a variety of cases, as well as testified in court as a computer forensics expert. He has taught computer forensics courses for Guidance Software and is currently a Senior Forensic Consultant with Forward Discovery. Ryan Johnson, DFCP, CFCE, EnCE, SCERS, is a Senior Forensic Consultant with Forward Discovery. He was a digital forensics examiner for the Durham, NC, police and a Media Exploitation Analyst with the U.S. Army. He is an instructor and developer with the ATA. Scott Pearson has trained law enforcement entities, military personnel, and network/system administrators in more than 20 countries for the ATA. He is also a certifying Instructor on the Cellebrite UFED Logical and Physical Analyzer Mobile Device Forensics tool and has served as an instructor for the DoD Computer Investigations Training Academy.
Daugiau apie elektronines knygas Daugiau apie elektronines knygas
Pastovi nuoroda: https://www.kriso.lt/db/97811182261482e.html