Customer Reviews

Mastering Windows Network Forensics and Investigation

5 star:		(8)
4 star:		(3)
3 star:		(0)
2 star:		(0)
1 star:		(1)

 

 

As a law enforcement officer, I've often found myself frustrated by books that cover incident response, but never discuss law enforcement involvement, except as an afterthought. While I understand that it's important for corporate and internal investigators to have this type of information, it's refreshing to find a book that talks about the law enforcement response to an computer crime incident.

I've had the privilege of attending classes instructed by both of these authors. One of the things that impressed me about their classes is that they were able to break down complicated technical concepts into terms that cops can understand. They continue to do that in this book.

Computer crime investigators need to add this book to their libraries. I'd say it's a must have.

I have been a federal agent and computer forensic examiner for over 10 years and this is the first book I have found that covers the areas of network forensics and live analysis techniques. Most books will cover how to conduct a standard forensic exam of a stand alone computer, but this book goes into detail on how to conduct forensic exams on networks and find the evidence left behind. I really learned a lot through the excellent screen captures and "how tos" that walk you through the process. The authors cover the forensic exam as well as the invetigation which is very helpful.

I highly recommend this book to anyone who works in the arena of computer crime, ecspecially intrusion investigations and computer forensics.

This book skillfully combines real world network security with law enforcement investigative techniques to deliver a text which will enable you to make the right decisions based on the unique circumstances and facts of each event you are called on to investigate.

I consider this book a must have for anyone in network administration, network security or on a computer emergency response team. The techniques and information contained within are, without a doubt, missing from almost all other books and training you have received.

The book is about the daunting task to get evidence from computers suited with the Windows Operating System. This book is split in three parts. The first part is to get a basic understanding of how things work and what kind of vulnerabilities there are on a typical windows machine. Rootkits are touched lightly although there is some information to get a basic understanding of this complex and threatening technology there could be expected more.

The second part is about analysing a Windows Computer. Tools and techniques are discussed here and some explanation about the various filesystems. There could be less focus on the "EnCase" suite in my opinion.

The last, and in my opinion best part, is about about analysing logs, logparser and how to make your job much easier in gathering information and evidence from a windows machine. A great part with a wealth of useful tips and tricks. Even if you're not directly involved with forensics.

So the authors of this book discussed the basics of foresic investigation and security techniques and also the reasoning behind them. Overall they did a good job. They are not afraid to point out some other interesting booktitles to get even more knowledge about a specific topic. However there could be less focus on "EnCase" and more detailed information about certain topics such as rootkits.

Rob Faber CISSP, CEH, MCSE
Infrastructure architect / Sr. Security consultant
The Netherlands

I read this book to prepare for a computer forensics class. It is one of the best computer books I have read. It covers a lot of material that I wish was covered in my MCSA classes. This book really filled in a lot of holes in my knowledge. The authors make a point of emphasizing real-world skills and pitfalls to avoid. I highly recommend this book for all network admins and investigators.

Don't waste your money.

The opening chapter of this book validates that the author of this book has more personal issues than professional experience. Before the reader has even read the first page, the author points out a personal fallace of his own - the inability to deal with people. The author states, and I quote: "Many of the dead ends you get will be dead ends by people who do not understand computing, are hyper paranoid, or are just plain crazy".

My questions to the author is this: "what do crazy and paranoid people have to do with computer forensics? Is this book about personalities or computer forensics?"

Do not waste your money on this one, even though you may find a tiny bit of information that can help you understand computer forensics, the book's primary focus is the author's lack of social skills.

I have reviewed most 2008r2 books on the topic of logon scripts. I'm talking about Windows Server 2000 script style. For small 2008r2 networks they are very handy and can complement Policy based drive mapping. New Minasi's book is the best information source about implementing logon scripts and of course much more. The book is very sketchy on one crucial subject: directaccess ipv6 new "vpn" technology. Other than that it is a very useful tool for IT professionals.

Very good book for learning a lot of interesting security threats. It brings you through a quick review of network infrastructure, and then dives into how to exploit it, analyze it, and what to look for when conducting an investigation of a windows network environment.

This is a good book on some of the basics of windows forensics. The product came in when I was told it would. Overall I think this is a good all around book for learning more about computer forensics.

This book is well worth the price. Much information regarding network configuration and network logs examination, which is highly needed in performing investigations in todays complicated syndicate