• List Price: $69.95
  • Save: $41.97 (60%)
Rented from eCampus_
To Rent, select Shipping State from options above
Due Date: Dec 22, 2014
FREE return shipping at the end of the semester. Access codes and supplements are not guaranteed with rentals.
FREE Shipping on orders over $35.
Used: Very Good | Details
Sold by eCampus_
Condition: Used: Very Good
Comment: Ships directly from Amazon! PRIME eligible. FREE Super Saver Shipping and 2 Day and Overnight shipping options available. Hassle free returns and customer service thru Amazon. May contain some highlighting. Supplements such as access codes, CD's etc not guaranteed.
Access codes and supplements are not guaranteed with used items.
Add to Cart
  • List Price: $69.95
  • Save: $3.50 (5%)
Only 6 left in stock (more on the way).
Ships from and sold by Amazon.com.
Gift-wrap available.
Add to Cart
Trade in your item
Get a $5.36
Gift Card.
Have one to sell? Sell on Amazon
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See this image

Windows Forensic Analysis DVD Toolkit, Second Edition Paperback – June 11, 2009

ISBN-13: 978-1597494229 ISBN-10: 1597494224 Edition: 2nd

Buy New
Price: $66.45
Price: $27.98
27 New from $49.00 21 Used from $25.94
Rent from Amazon Price New from Used from
"Please retry"
"Please retry"
$49.00 $25.94

Frequently Bought Together

Windows Forensic Analysis DVD Toolkit, Second Edition + Windows Forensic Analysis Toolkit, Third Edition: Advanced Analysis Techniques for Windows 7 + File System Forensic Analysis
Price for all three: $172.17

Buy the selected items together

Save up to 90% on Textbooks
Rent textbooks, buy textbooks, or get up to 80% back when you sell us your books. Shop Now

Product Details

  • Paperback: 512 pages
  • Publisher: Syngress; 2 edition (June 11, 2009)
  • Language: English
  • ISBN-10: 1597494224
  • ISBN-13: 978-1597494229
  • Product Dimensions: 1.2 x 7.5 x 9 inches
  • Shipping Weight: 2 pounds (View shipping rates and policies)
  • Average Customer Review: 4.9 out of 5 stars  See all reviews (19 customer reviews)
  • Amazon Best Sellers Rank: #477,218 in Books (See Top 100 in Books)

Editorial Reviews


"If your job requires investigating compromised Windows hosts, you must read Windows Forensic Analysis."--Richard Bejtlich, Coauthor of Real Digital Forensics and Amazon.com Top 500 Book Reviewer

About the Author

Harlan Carvey (CISSP) is a Vice President of Advanced Security Projects with Terremark Worldwide, Inc. Terremark is a leading global provider of IT infrastructure and "cloud computing” services, based in Miami, FL. Harlan is a key contributor to the Engagement Services practice, providing disk forensics analysis, consulting, and training services to both internal and external customers. Harlan has provided forensic analysis services for the hospitality industry, financial institutions, as well as federal government and law enforcement agencies. Harlan's primary areas of interest include research and development of novel analysis solutions, with a focus on Windows platforms.
Harlan holds a bachelor's degree in electrical engineering from the Virginia Military Institute and a master's degree in the same discipline from the Naval Postgraduate School. Harlan resides in Northern Virginia with his family.

More About the Author

Harlan Carvey's interest in computer and information security began while he was an officer in the U.S. military, and a student at the Naval Postgraduate School, earning his MSEE. After leaving military service, he began working in the field of commercial and government information security consulting, performing vulnerability assessments and penetration tests. While employed at one company, he was the sole developer of a program for collecting security-specific information (i.e., Registry entries, file information, configuration settings, etc.) from Windows NT systems during vulnerability assessments. The purpose of the product was to overcome shortfalls in commercial scanning products and provide more valuable information to the customer. Harlan has also done considerable work in the area of incident response and forensics, performing internal and external investigations. He has also written a number of proof-of-concept tools for educating users in such topics as Windows null sessions, file signature analysis, and the retrieval of metadata from a variety of file formats. Harlan's experience with computers began in the early '80s, with a Timex-Sinclair 1000. Around that time, he was learning to program BASIC on an Apple IIe. From there, he moved on to computers such as the Epson QX-10 and the TRS-80, on which he programmed BASIC and learned some rudimentary PASCAL, using the TurboPASCAL compiler. Since then, he's worked with SunOS and Solaris systems, as well as various versions of DOS and Windows, OS/2, and Linux. Harlan has presented at a variety of computer security conferences, including Usenix, DefCon9, Black Hat, GMU2003/HTCIA/RCFG, WACCI, and PFIC2010. He has discussed various topics specific to issues on Windows platforms, such as data hiding, incident response, and forensic analysis. He has had articles published in the Information Security Bulletin, on the SecurityFocus web site, and in the Hakin9 magazine. Finally, Harlan has written a number of open source programs (including RegRipper), which have been made available online and via CDs/DVDs in his books.

Customer Reviews

4.9 out of 5 stars
5 star
4 star
3 star
2 star
1 star
See all 19 customer reviews
It also introduces the reader to Registry analysis using tools that Harlan wrote- RegRipper and Rip/RipXP.
Joseph Garcia
In short - if you have the first edition then keep your well worn copy for reference and buy this second edition.
J. Murri
This is a book that anyone in the Incident Response or Computer Forensic arena HAS to have on their bookshelf.
T. Yarrish

Most Helpful Customer Reviews

21 of 22 people found the following review helpful By Jimmy Weg on June 7, 2009
Format: Paperback Verified Purchase
The second edition of Harlan's book nicely complements the first and is essential reading for practitioners at all levels. For those of us who primarily engage in exams of acquired images, the chapters on Registry Analysis, File Analysis, Executable Analysis, and Rootkit Detection provide and build upon basic concepts that go beyond what is taught in beginning and intermediate computer forensics courses.

The registry analysis chapter is particularly valuable and one that I draw on repeatedly. The accompanying DVD, with its scripts, not only provides tools to gather the data that Harlan describes, but provides a means to learn while you read by taking a hands on approach to registry analysis.

The chapter on file analysis teaches fundamentals of system files and logs that can provide key evidence in an exam. It explains not only what may be found, but how to get it and why it got there. These are the types of issues that can aid immeasurably when it comes to report writing and courtroom testimony. Similarly, the discussions on malware, rootkits, and executables provide guidance and solutions to considerations of whether an uninvited influence played a role in data arriving on, or departing from, a system.

For those who don't engage in incident or live response at the moment, the time is fast approaching when that aspect forensics is going to be vital to us all. Harlan explains what information is available, and he describes the methods and tools with which we can acquire volatile data and access information that's gone once the plug is pulled. Harlan brings together this area of his book with a discussion of analyzing the data.

In sum, this is a great work that is suited to those who have had basic computer forensics training as well as examiners who have been practicing for a long time. Things change every day, and WFA II provides a means to keep pace.
1 Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
16 of 19 people found the following review helpful By hogfly on June 21, 2009
Format: Paperback
In ancient times, when philosophers and scientists gathered to discuss and debate important topics, people would travel for weeks and months to arrive, just to hear the debates. To listen to the great minds of the time, to learn from them, and on occasion ask questions. In 2009 that trend continues though in a different fashion.

In the case of Windows Forensic Analysis we are fortunate enough to have Harlan Carvey. He has a deep well of knowledge to pull from and he continues to pull buckets of information out of the well to keep us all well hydrated. I was honored to read this book, and it's my privilege to write a review. It's the least I could do.

It's a text book, it's a field manual, it's reference material. This is Windows Forensic Analysis Second Edition and it's the best damn book on the planet for Windows Forensics. I thought I liked the first edition and then I read the second.

It's been updated to be sure, but it's also been expanded. There's current information contained in the over 400 pages of content. There are case studies, there are details you won't find elsewhere.

Want to know how to dump memory and collect volatile data? It's in the book.
Can't recall which tool has certain limitations or what the tool can do? It's in the book.
Want to know how to analyze volatile data? It's in the book.
Want to learn how to registry works? It's in the book.
Want to know how to do Windows Forensic Analysis? Read this book.

I've watched the forums and mailing lists since the first edition of the book was released two years ago. Time after time I read the questions being asked and went to the book. In an overwhelming majority of cases, the answer was there. To those of you that asked these questions, do yourself a favor.
Read more ›
1 Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
7 of 7 people found the following review helpful By Jennifer Kolde on July 23, 2009
Format: Paperback
For several years, Harlan Carvey has led the field in sharing and publishing his extensive knowledge of Windows forensics. The latest edition of Harlan's book does not disappoint, and this updated and revised copy remains THE Windows forensics reference book to have on your shelf. Harlan draws on both his in-depth knowledge of the Windows operating system and his extensive experience in real-world incident response to successfully bridge what is often a gap between the world of the first responder and the world of the forensic analyst. This is particularly appropriate at a time when those roles continue to converge. If there is information to be found on a Windows system (and I think Harlan knows and has documented the Windows registry better than anyone at Microsoft), Harlan will tell you not only where, but also how to find it. But he doesn't stop there; Harlan also provides several open-source (Perl-based) tools on the accompanying DVD to allow you to extract a variety of useful data from a Windows computer to aid you in your investigation. If you want to do two things to aid your incident response / forensics capabilities, then 1. buy this book, and 2. learn Perl!
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
8 of 9 people found the following review helpful By Richard Bejtlich on September 7, 2009
Format: Paperback
I read and reviewed the 1st Ed of this book in July 2007, and I just finished reading Windows Forensic Analysis 2nd Ed (WFA2E) this weekend. If your job involves investigating Windows systems, you must read this book. It's as simple as that. There is no substitute for this book. It also perfectly complements other solid forensics works already published.

The three main reasons why I liked the 1st Ed hold for the 2nd Ed. The subject matter is exactly what I wanted to read. WFA2E introduces a vast number of tools to help investigators implement the concepts explained by the author. Harlan brings a lot of experience to WFA. Of these three, I really appreciate Harlan's experience. He is constantly "in the fight" so he knows what works and what doesn't. He's been around so long that he knows what he's talking about. If he encounters a problem, he can either try fixing it himself or he is friends with someone who can work the issue. All of these characteristics shine in WFA2E.

I expect to see a 3rd Ed of this book in a few years, incorporating more Windows Vista and Windows 7 material. It might also be helpful to consider techniques for Windows Server and Mobile platforms in the 3rd Ed. Regardless, I will look forward to that book when it arrives because I enjoyed WFA1E and WFA2E so much.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again

Customer Images

Most Recent Customer Reviews