?If your job requires investigating compromised Windows hosts, you must read Windows Forensic Analysis.?
?Richard Bejtlich, Coauthor of Real Digital Forensics and Amazon.com Top 500 Book Reviewer
?The Registry Analysis chapter alone is worth the price of the book.?
?Troy Larson, Senior Forensic Investigator of Microsoft's IT Security Group
?I also found that the entire book could have been written on just registry forensics. However, in order to create broad appeal, the registry section was probably shortened. You can tell Harlan has a lot more to tell.?
?Rob Lee, Instructor and Fellow at the SANS Technology Institute, coauthor of Know Your Enemy: Learning About Security Threats, 2E
Windows Forensic Analysis DVD Toolkit, 2E replaces the first edition as the most comprehensive and thorough resource on incident response and forensic analysis of Windows systems available, providing information and resources not available anywhere else. This book covers both live and post-mortem response collection and analysis methodologies, addressing material that is applicable to law enforcement, the federal government, students, and consultants. It also brings this material to the doorstep of system administrators, who are often the frontline troops when an incident occurs, but due to staffing and budgets do not have the necessary knowledge to respond effectively. The companion DVD contains significant new and updated materials (movies, spreadsheet, code, etc.) not available any place else, because they were created and maintained by the author.
In the two years since the first edition was originally published, cybercrime has continued to increase, and the criminals committing the crimes have continued to become more sophisticated. Analysts and investigators need up-to-date information to stay one step ahead, whether they're examining a system for signs of an intrusion or a data breach. Also, state and federal legislation (e.g., CA-1386), as well as standards issued by regulatory bodies (e.g., PCI and HIPAA), are adding an entirely new dimension to what was once thought to be solely the domain of IT staff. Incident responders and forensic analysts now have a whole new set of questions to answer, and the only way to answer them is to be armed the latest and most up-to-date information and analysis techniques, all of which are covered in detail in this critical update of the best-selling resource.
* Based on reviewer feedback, the most popular chapter of the book, ?Registry Analysis,? is thoroughly upgraded and expanded with a completely new set of unique tools developed and demonstrated by the author.
* A brand-new chapter, ?Forensic Analysis on a Budget,? collects freely available tools that are essential for small labs, state (or below) law enforcement, and educational organizations that can't afford bloated and expensive application suites.
* Completely new chapter ?Tying It All Together? puts the otherwise isolated concepts in the book into context of incident response and addresses frequent questions posed in public lists and forums.
* Once something a responder should do, developments in 2008 made Windows memory analysis a more sophisticated and important requirement that is given increased detail and focus in the new version of the chapter in this book.
* New pedagogical elements??Lessons from the Field,? ?Case Studies,? and ?War Stories??present real-life experiences from the trenches by an expert in the trenches, making the material real and showing the why behind the how.
* The companion DVD contains new, significant, and unique materials (movies, spreadsheet, code, etc.) not available any place else, because they were created by the author.