Windows Forensic Analysis Toolkit, Third Edition: Advanced Analysis Techniques for Windows 7 Paperback – February 10, 2012

ISBN-13: 978-1597497275 ISBN-10: 1597497274 Edition: 3rd


Product Details

  • Paperback: 296 pages
  • Publisher: Syngress; 3rd edition (February 10, 2012)
  • Language: English
  • ISBN-10: 1597497274
  • ISBN-13: 978-1597497275
  • Product Dimensions: 7.5 x 0.6 x 9.2 inches
  • Shipping Weight: 1.3 pounds
  • Average Customer Review: 4.7 out of 5 stars (10 customer reviews)
  • Amazon Best Sellers Rank: #268,147 in Books

Editorial Reviews

Amazon.com Review

Amazon Exclusive: A Letter from Harlan Carvey, author of Windows Forensic Analysis Toolkit, 3rd Edition

Dear Amazon Readers,

I am not an expert. I really, enthusiastically enjoy performing digital forensic analysis of Windows systems and will get up early (for me…"early" is a relative term) to work on an examination. I enjoy not just finding new things in my analysis, but finding new combinations of things, looking for those hidden patterns to jump out of the data. I enjoy writing code to parse the binary contents of a file so that I can then see how the various teeth of the operating system and application gears mesh together, and in seeing what primary, secondary, and tertiary artifacts are left by various events that occur on a system.

When I first started writing books, I did so because I could not find something that would fit what I saw as my needs. Sure, there were books available that covered some aspects of digital forensic analysis of Windows systems, but there wasn't anything available that really went into depth on analyzing Windows as a system of interconnected components. There were books that covered some of the really obvious indications of an intrusion or malware infection, but how often are our examinations really about finding the obvious artifacts? I knew I couldn't be the only one looking for something like this, and writing a book not only provided a reference for myself and others, but the act of writing required me to polish and hone my thoughts. I hope you enjoy the finished product, and that it leads you beyond the obvious.

I hope you find my attempt to contribute to the digital forensics analysis community to be useful and thought-provoking. Thank you.

--Harlan Carvey

Review

"Harlan has done it again! Continuing in the tradition of excellence established by the previous editions, Windows Forensics Analysis Toolkit 3e is an indispensable resource for any forensic examiner. Whether you're a seasoned veteran or just starting out, this work is required reading. WFA3e will maintain a perennial spot on my core reference bookshelf!"--Cory Altheide, Google

"Windows Forensic Analysis Toolkit 3rd Edition provides a wealth of important information for new and old practitioners alike. Not only does it provide a great overview of artifacts of interest on Windows 7 systems, but it also presents plenty of technology independent concepts that play an important role in any investigation. Feel free to place a copy on your shelf next to WFA 2ed and WRF."--Digital4rensics.com

"The third edition of this reference for system administrators, digital forensic analysts, students, and law enforcement does not replace the second edition, but rather serves as a companion. Coverage encompasses areas such as immediate response, volume shadow copies, file and registry analysis, malware detection, and application analysis. Learning features include b&w screenshots, tip and warning boxes, code (also available on a website), case studies, and 'war stories' from the field. The tools described throughout the book are written in the Perl scripting language, but readers don't need to be experts in Perl, and most of the scripts are accompanied by Windows executables found online. For this third edition, a companion website provides printable checklists, cheat sheets, custom tools, and demos."--Reference and Research Book News, Inc.

"There is a good reason behind the success of the previous editions of this book, and it has to do with two things: new Windows versions are different enough from previous ones to warrant a new edition and, most importantly, the author is simply that good at explaining things. This edition is no different."--HelpNetSecurity

More About the Author

Harlan Carvey's interest in computer and information security began while he was an officer in the U.S. military, and a student at the Naval Postgraduate School, earning his MSEE. After leaving military service, he began working in the field of commercial and government information security consulting, performing vulnerability assessments and penetration tests. While employed at one company, he was the sole developer of a program for collecting security-specific information (i.e., Registry entries, file information, configuration settings, etc.) from Windows NT systems during vulnerability assessments. The purpose of the product was to overcome shortfalls in commercial scanning products and provide more valuable information to the customer. Harlan has also done considerable work in the area of incident response and forensics, performing internal and external investigations. He has also written a number of proof-of-concept tools for educating users in such topics as Windows null sessions, file signature analysis, and the retrieval of metadata from a variety of file formats. Harlan's experience with computers began in the early '80s, with a Timex-Sinclair 1000. Around that time, he was learning to program BASIC on an Apple IIe. From there, he moved on to computers such as the Epson QX-10 and the TRS-80, on which he programmed BASIC and learned some rudimentary PASCAL, using the TurboPASCAL compiler. Since then, he's worked with SunOS and Solaris systems, as well as various versions of DOS and Windows, OS/2, and Linux. Harlan has presented at a variety of computer security conferences, including Usenix, DefCon9, Black Hat, GMU2003/HTCIA/RCFG, WACCI, and PFIC2010. He has discussed various topics specific to issues on Windows platforms, such as data hiding, incident response, and forensic analysis. He has had articles published in the Information Security Bulletin, on the SecurityFocus web site, and in the Hakin9 magazine. 
Finally, Harlan has written a number of open source programs (including RegRipper), which have been made available online and via CDs/DVDs in his books.

Customer Reviews

4.7 out of 5 stars (10 customer reviews): 5 star: 7; 4 star: 3; 3 star: 0; 2 star: 0; 1 star: 0

"This book is a great extension to the second edition."--Brandon Meyer

"Well organized, well written and with a lot of real examples and very good points of view."--Alexandre Borges

"This book provides the essential reference for Windows 7 analysis."--Jennifer Kolde

Most Helpful Customer Reviews

3 of 3 people found the following review helpful By Jennifer Kolde on March 5, 2012
Format: Paperback
If you've worked with Windows for any length of time, you know that each subsequent version of Microsoft's operating system tends to be almost the same...and yet entirely different. Windows 7 is no exception, giving us many familiar logs, structures, and artifacts that we know from Windows XP or 2003...only revised and expanded, or in different locations, or in different formats, or all of the above. Not to mention the brand new stuff.

Harlan has once again found the sweet spot - instead of fully revising the Second Edition of his book (which would be premature, as most environments still have extensive XP / 2003 infrastructure in place, and likely will for some time), he provides a companion book that builds on his previous volumes and outlines the new technologies and key differences between Windows 7 and earlier versions of the OS.

Now that many corporations are finally rolling out Windows 7 in force, forensic examiners are also making the transition to analyzing "new" Windows systems. This book provides the essential reference for Windows 7 analysis. While many of the technologies and techniques in Harlan's book have been discussed on blogs, mailing lists, and at conferences, he has been kind enough to collect the information in one place. In addition, he has been thorough enough to verify and expand upon the information through his own research and analysis, providing real world examples, tips, and cautions along the way.

Finally, as always Harlan writes with a keen awareness - both first-hand and through his extensive industry contacts - of what is current "in the field". This encompasses not only the specific questions and challenges faced by real analysts in real cases, but the tools and techniques in use or under development to address those issues.
3 of 3 people found the following review helpful By Katie on February 18, 2013
Format: Paperback Verified Purchase
I needed this book for my forensic class and I was able to find it for a great price. The book is a bit boring; the author keeps going off on tangents about his life instead of teaching.
2 of 2 people found the following review helpful By Jimmy Weg on February 26, 2012
Format: Paperback
I found that Harlan's latest book is a great adjunct to my collection of his works. While it presents many of the essential operating system updates that we've discussed on forums, it also reviews enough previously published material to give the reader a foundation upon which to grasp important topics that haven't been issues in earlier systems. I like the way that Harlan laid out the chapters; he presents the material succinctly, yet with sufficient detail to provide a worthwhile learning experience. From my perspective, I particularly appreciate the Malware Detection chapter, as it presents a very nice summary of problems that many law enforcement examiners face, and Harlan provides not only direction, but tells us why certain procedures and artifacts are important.
1 of 1 people found the following review helpful By Brandon Meyer on May 15, 2014
Format: Paperback Verified Purchase
This book is a great extension to the second edition. NOTE: THIS BOOK CONTINUES ON FROM THE SECOND EDITION. This is not a complete rewrite or set of modifications; it is a continuation, which means it references things that Harlan mentions in the Second Edition.
With that out of the way, this book is great. I read along and I don't get bored; normally I would be bored with books like this, but the writing is great so I can follow along easily. The tips and tidbits that go with it are great. I highly recommend this book.
1 of 1 people found the following review helpful By W. Reis on March 18, 2014
Format: Paperback Verified Purchase
If you are interested in this subject, this is a good primer for the basics and how-to documentation. Nice layout; you do not have to read from cover to cover.