Windows Forensics and Incident Recovery
|
| |
ISBN |
0321200985 |
|
Release Date |
21 July 2004 |
|
Page |
480 |
|
Category |
Windows |
|
Tags |
forensic,
forensics,
data recovery,
recovery,
incident,
disaster recovery,
computer forensic,
incident response,
forensic discovery,
recover,
"windows forensics",
0321200985,
windows,
degunking windows book,
|
|
This book @Amazon |
View |
|
Description
"Windows Forensics and Incident Recovery doesn't just discuss forensics, it also includes tools for analysis and shows readers how to use them. I look forward to putting these tools through their paces, and I recommend Carvey's book as a terrific addition to the security professional's bookshelf."
—Warren G. Kruse II, Partner
Computer Forensic Services, LLC
"This book is a good reference for the tools needed to prepare for, respond to, and confirm a Windows-based computer incident."
—Brian Carrier
Digital forensics researcher
"This book provides a unique 'command-line centric' view of Microsoft and non-Microsoft tools that can be very helpful to folks responsible for security and system administration on the Windows platform."
—Vishwas Lele, principal architect
Applied Information Sciences, Inc.
"Harlan Carvey's book serves as a great resource for investigators and systems administrators looking to peek under the hoods of their Windows systems."
—Jason Chan, security consultant
@stake
"Regardless of what you know already, you are guaranteed to learn something new about Windows incident response from this book."
—Brian Behler, computer forensics and intrusion analyst/engineer
"Harlan Carvey's vast security and forensics experience shows through in all facets of this work. Many books have attempted to be the prescriptive guide to forensics on the Windows platform. This book not only attempts it, but it succeeds—with guidance to spare."
—Rick Kingslan, Microsoft MVP
West Corporation
"This book is the first to bring together into a single volume the topics of malicious code, incident response, and forensics on the Windows platform. Mr. Carvey's work should serve as a valuable reference for any Windows system administrator or security professional."
—Jennifer Kolde, information security consultant, author, and instructor
"Harlan Carvey's book is a one-of-a-kind approach to do-it-yourself Windows forensics. With detailed and illustrative examples coupled with Harlan's renowned Perl scripts, this book certainly is a great find."
—Mark Burnett, security consultant and author
*
The first book to focus on forensics and incident recovery in a Windows environment
*
Teaches through case studies and real world-examples
*
Companion CD contains unique tools developed by the author.
*
Covers Windows Server 2003, Windows 2000, Windows NT, and Windows XP
If you're responsible for protecting Windows systems, firewalls and anti-virus aren't enough. You also need to master incident response, recovery, and auditing. Leading Windows security expert and instructor Harlan Carvey offers a start-to-finish guide to the subject: everything administrators must know to recognize and respond to virtually any attack.
Drawing on his widely acclaimed course, Carvey uses real-world examples to cover every significant incident response, recovery, and forensics technique. He delivers a complete incident response toolset that combines today's best open source and freeware tools, his own exclusive software and scripts, and step-by-step instructions for using them. This book's tools and techniques apply to every current and professional version of Windows: NT, 2000, XP, and Windows Server 2003. Coverage includes:
*
Developing a practical methodology for responding to potential attacks
*
Preparing your systems to prevent and detect incidents
*
Recognizing the signatures of an attack—in time to act
*
Uncovering attacks that evade detection by Event Viewer, Task Manager, and other Windows GUI tools
*
Using the Forensic Server Project to automate data collection during live investigations
*
Analyzing live forensics data in order to determine what occurred
|
|
