Mastering Windows Network Forensics and Investigation 2nd Edition

6 customer reviews
ISBN-13: 978-1118163825
ISBN-10: 1118163826
Paperback, June 26, 2012

Editorial Reviews

From the Back Cover

Learn How to Conduct a Complete Computer Forensic Investigation

This professional guide teaches law enforcement personnel, prosecutors, and corporate investigators how to investigate crimes involving Windows computers and Windows networks. A top team of forensic experts details how and why Windows networks are targeted, shows you how to analyze computers and computer logs, explains chain of custody, and covers such tricky topics as how to gather accurate testimony from employees in politically charged corporate settings.

From recognizing high-tech criminal activity to presenting evidence in a way that juries and judges understand, this book thoroughly covers the range of skills, standards, and step-by-step procedures you need to conduct a criminal investigation in a Windows environment and make your evidence stand up in court.

Coverage includes:

  • Responding to a reported computer intrusion
  • Understanding how attackers exploit Windows networks
  • Deciphering Windows ports, services, file systems, and the registry
  • Examining suspects' computers and entire networks
  • Analyzing event logs and data using live analysis techniques
  • Exploring new complexities from cloud computing and virtualization

Investigate Computer Crimes in Windows Environments

Fully Updated for Windows Server 2008 and Windows 7

Discover How to Locate and Analyze an Attacker's Tools

Learn Detailed Windows Event Log Analysis

About the Author

Steve Anson, CISSP, EnCE, is the cofounder of Forward Discovery. He has previously served as a police officer, FBI High Tech Crimes Task Force agent, Special Agent with the U.S. DoD, and an instructor with the U.S. State Department Antiterrorism Assistance Program (ATA). He has trained hundreds of law enforcement officers around the world in techniques of digital forensics and investigation.

Steve Bunting, EnCE, CCFT, has over 35 years of experience in law enforcement, and his background in computer forensics is extensive. He has conducted computer forensic examinations for numerous local, state, and federal agencies on a variety of cases, as well as testified in court as a computer forensics expert. He has taught computer forensics courses for Guidance Software and is currently a Senior Forensic Consultant with Forward Discovery.

Ryan Johnson, DFCP, CFCE, EnCE, SCERS, is a Senior Forensic Consultant with Forward Discovery. He was a digital forensics examiner for the Durham, NC, police and a Media Exploitation Analyst with the U.S. Army. He is an instructor and developer with the ATA.

Scott Pearson has trained law enforcement entities, military personnel, and network/system administrators in more than 20 countries for the ATA. He is also a certifying Instructor on the Cellebrite UFED Logical and Physical Analyzer Mobile Device Forensics tool and has served as an instructor for the DoD Computer Investigations Training Academy.

Product Details

  • Paperback: 696 pages
  • Publisher: Sybex; 2 edition (June 26, 2012)
  • Language: English
  • ISBN-10: 1118163826
  • ISBN-13: 978-1118163825
  • Product Dimensions: 7.4 x 1.4 x 9.3 inches
  • Shipping Weight: 2.3 pounds
  • Average Customer Review: 4.2 out of 5 stars (6 customer reviews)
  • Amazon Best Sellers Rank: #494,845 in Books

Customer Reviews

14 of 14 people found the following review helpful By Chad Tilbury on July 24, 2012
Format: Paperback
Mastering Windows Network Forensics and Investigations fills an interesting niche not well addressed in the pantheon of digital forensics resources. The material is well suited for beginning and intermediate forensic examiners looking to better understand network artifacts and go beyond single-system forensics. I highly recommend it for system administrators looking for a different perspective on network security or those interested in designing networks to be forensics-friendly. That said, the topics covered do not fit within the classical definition of network forensics. A more apt title might be Mastering Incident Response Forensics and Investigations.

This is the first book I have read in the Sybex Mastering series, and I was impressed with the writing, research, and editing. The authors blended dense material with relevant examples and insightful and engaging text boxes.

Some highlights:

- The event log coverage was excellent; a difficult and prosaic topic was explained in simple terms and with just the right amount of depth. One of my favorite sections included the recovery of event log fragments from free space.

- The chapters on the Windows registry were excellent and had space for rarely talked about advanced concepts like volatile hives, registry redirection and reflection, and registry virtualization.

- The investigative uses of XP Restore Points and Windows 7 Shadow Volumes tied in nicely with other topics.

- The new chapter on virtualization and cloud forensics is a good addition. Live response and data acquisition in virtualized environments like VMware ESX was covered, and an intelligent discussion on how to prepare for collecting cloud data was started.
4 of 4 people found the following review helpful By John Sammons on November 22, 2012
Format: Paperback Verified Purchase
One of my new favorite forensic books. I strongly recommend this book for Windows forensics in general, not just for networks. Great explanations of various Windows artifacts, file systems, and much more. The network related topics are covered equally as well. The book is very well written in a way that is both understandable and engaging. This book can work for experts and those starting out as well. An excellent addition to anyone's forensic library.
Format: Paperback Verified Purchase
This is an amazing book. It is well written and straight to the point. It covers every area of the Windows operating system that you should expect to find evidence and paint a picture of what the bad guys did during a breach (or whatever else you are investigating). I would recommend this book 10 times over. There are plenty of screenshots and tutorials to review and the website has data to practice on.