Mastering Windows Network Forensics and Investigation [Paperback]

Steven Anson (Author), Steve Bunting (Author)

Book Description

Publication Date: April 2, 2007 | ISBN-10: 0470097620 | ISBN-13: 978-0470097625 | Edition: 1

This comprehensive guide provides you with the training you need to arm yourself against phishing, bank fraud, unlawful hacking, and other computer crimes. Two seasoned law enforcement professionals discuss everything from recognizing high-tech criminal activity and collecting evidence to presenting it in a way that judges and juries can understand. They cover the range of skills, standards, and step-by-step procedures you’ll need to conduct a criminal investigation in a Windows environment and make your evidence stand up in court.

Editorial Reviews

From the Back Cover

Conduct Cutting-Edge Forensic Investigations of Computer Crimes.

Whether it's phishing, bank fraud, or unlawful hacking, computer crimes are on the rise, and law enforcement personnel who investigate these crimes must learn how to properly gather forensic evidence in the computer age.

Now you can get the training you need in this comprehensive guide from two seasoned law enforcement professionals. From recognizing high-tech criminal activity and collecting evidence to presenting it in a way that judges and juries can understand, this book covers the range of skills, standards, and step-by-step procedures you’ll need to conduct a criminal investigation in a Windows environment and make your evidence stand up in court.

The book also covers the emerging field of “live forensics,” where investigators examine a system to obtain evidence while it is still running, thus preserving live data that may be lost if the system is shut down.

COVERAGE INCLUDES:

• Responding to a reported computer intrusion
• Conducting the initial interview with the victims
• Understanding how attackers exploit Windows networks
• Deciphering Windows file systems, registries, and more
• Analyzing data rapidly using live analysis techniques
• Examining suspects’ computers
• Using EnCase® for Windows event log analysis
• Presenting technically complicated material to juries

About the Author

Steve Anson , CISSP, MCSE, is a special agent with the Pentagon’s Defense Criminal Investigative Service. He has a master’s degree in computer science as well as numerous industry certifications. As a former contract instructor for the FBI, he has taught hundreds of veteran federal agents, state and local police officers, and intelligence agency employees techniques for conducting computerintrusion investigations. He also founded and supervised a local police department computer crime and information services unit and served as a task force agent for the FBI. He has conducted investigations involving large-scale computer intrusions, counterterrorism, crimes against children, and many other offenses involving the substantive use of computers.

Steve Bunting is a captain with the University of Delaware Police Department, where he is responsible for computer forensics, video forensics, and investigations involving computers. He has more than thirty years experience in law enforcement, and his background in computer forensics is extensive. He is a Certified Computer Forensics Technician (CCFT) and an EnCase Certified Examiner (EnCE). He was the recipient of the 2002 Guidance Software Certified Examiner Award of Excellence. He has a bachelor’s degree in applied professions/business management from Wilmington College and a computer applications certificate in network environments from the University of Delaware. He has conducted computer forensic examinations for numerous local, state, and federal agencies on a variety of cases, including extortion, homicide, embezzlement, child exploitation, intellectual property theft, and unlawful intrusions into computer systems. He has testified in court on numerous occasions as a computer forensics expert. He has taught computer forensics for Guidance Software, makers of EnCase, and taught as a lead instructor at all course levels. He has been a presenter at several seminars and workshops, is the author of numerous white papers, and is the primary author of the book EnCase Computer Forensics: The Official EnCE: EnCase Certified Examiner Study Guide , which was published by Sybex in early 2006. You can reach him at sbunting@udel.edu.

Product Details

• Paperback: 552 pages
• Publisher: Sybex; 1 edition (April 2, 2007)
• Language: English
• ISBN-10: 0470097620
• ISBN-13: 978-0470097625
• Product Dimensions: 9.1 x 7.4 x 1.2 inches
• Shipping Weight: 1.8 pounds (View shipping rates and policies)
• Average Customer Review: 4.4 out of 5 stars  See all reviews (12 customer reviews)
• Amazon Best Sellers Rank: #372,291 in Books (See Top 100 in Books)

Customer Reviews

Most Helpful Customer Reviews

8 of 8 people found the following review helpful:

5.0 out of 5 stars It's refreshing to finally be part of the "target audience", April 17, 2007

By 

Bryan Walker (Chapel Hill, NC United States) - See all my reviews
(REAL NAME)   

This review is from: Mastering Windows Network Forensics and Investigation (Paperback)

As a law enforcement officer, I've often found myself frustrated by books that cover incident response, but never discuss law enforcement involvement, except as an afterthought. While I understand that it's important for corporate and internal investigators to have this type of information, it's refreshing to find a book that talks about the law enforcement response to an computer crime incident.

I've had the privilege of attending classes instructed by both of these authors. One of the things that impressed me about their classes is that they were able to break down complicated technical concepts into terms that cops can understand. They continue to do that in this book.

Computer crime investigators need to add this book to their libraries. I'd say it's a must have.

8 of 8 people found the following review helpful:

5.0 out of 5 stars Great "How to" for network forensics and live captures, April 13, 2007

By 

Thomas Hyslip - See all my reviews
(REAL NAME)   

This review is from: Mastering Windows Network Forensics and Investigation (Paperback)

I have been a federal agent and computer forensic examiner for over 10 years and this is the first book I have found that covers the areas of network forensics and live analysis techniques. Most books will cover how to conduct a standard forensic exam of a stand alone computer, but this book goes into detail on how to conduct forensic exams on networks and find the evidence left behind. I really learned a lot through the excellent screen captures and "how tos" that walk you through the process. The authors cover the forensic exam as well as the invetigation which is very helpful.

I highly recommend this book to anyone who works in the arena of computer crime, ecspecially intrusion investigations and computer forensics.

6 of 6 people found the following review helpful:

5.0 out of 5 stars A must have for network security administrators and computer/network crime investigators., April 21, 2007

By 

Shea Tisdale - See all my reviews
(REAL NAME)   

This review is from: Mastering Windows Network Forensics and Investigation (Paperback)

This book skillfully combines real world network security with law enforcement investigative techniques to deliver a text which will enable you to make the right decisions based on the unique circumstances and facts of each event you are called on to investigate.

I consider this book a must have for anyone in network administration, network security or on a computer emergency response team. The techniques and information contained within are, without a doubt, missing from almost all other books and training you have received.