Mastering Windows Network Forensics and Investigation (Paperback)

~ Steven Anson (Author), Steve Bunting (Author)
Key Phrases: svchost process, hive files, log parser, Registry Viewer, Windows Firewall, Kernel Mode (more...)

Editorial Reviews

Product Description

This comprehensive guide provides you with the training you need to arm yourself against phishing, bank fraud, unlawful hacking, and other computer crimes. Two seasoned law enforcement professionals discuss everything from recognizing high-tech criminal activity and collecting evidence to presenting it in a way that judges and juries can understand. They cover the range of skills, standards, and step-by-step procedures you’ll need to conduct a criminal investigation in a Windows environment and make your evidence stand up in court.

From the Back Cover

Conduct Cutting-Edge Forensic Investigations of Computer Crimes.

Whether it's phishing, bank fraud, or unlawful hacking, computer crimes are on the rise, and law enforcement personnel who investigate these crimes must learn how to properly gather forensic evidence in the computer age.

Now you can get the training you need in this comprehensive guide from two seasoned law enforcement professionals. From recognizing high-tech criminal activity and collecting evidence to presenting it in a way that judges and juries can understand, this book covers the range of skills, standards, and step-by-step procedures you’ll need to conduct a criminal investigation in a Windows environment and make your evidence stand up in court.

The book also covers the emerging field of “live forensics,” where investigators examine a system to obtain evidence while it is still running, thus preserving live data that may be lost if the system is shut down.

COVERAGE INCLUDES:

• Responding to a reported computer intrusion
• Conducting the initial interview with the victims
• Understanding how attackers exploit Windows networks
• Deciphering Windows file systems, registries, and more
• Analyzing data rapidly using live analysis techniques
• Examining suspects’ computers
• Using EnCase® for Windows event log analysis
• Presenting technically complicated material to juries

See all Editorial Reviews

Product Details

• Paperback: 552 pages
• Publisher: Sybex (April 2, 2007)
• Language: English
• ISBN-10: 0470097620
• ISBN-13: 978-0470097625
• Product Dimensions: 9.1 x 7.2 x 1.3 inches
• Shipping Weight: 1.8 pounds (View shipping rates and policies)
• Average Customer Review: 4.8 out of 5 stars  See all reviews (9 customer reviews)
• Amazon.com Sales Rank: #115,571 in Books (See Bestsellers in Books)

  Popular in these categories: (What's this?)

  #10 in	Books > Computers & Internet > Security & Encryption > Forensics
  #10 in	Books > Computers & Internet > Security & Encryption > Windows Security
  #42 in	Books > Computers & Internet > Certification Central > Publisher > Sybex

Customer Reviews

Most Helpful Customer Reviews

7 of 7 people found the following review helpful:

5.0 out of 5 stars It's refreshing to finally be part of the "target audience", April 17, 2007

By	Bryan Walker (Chapel Hill, NC United States) - See all my reviews (REAL NAME)

As a law enforcement officer, I've often found myself frustrated by books that cover incident response, but never discuss law enforcement involvement, except as an afterthought. While I understand that it's important for corporate and internal investigators to have this type of information, it's refreshing to find a book that talks about the law enforcement response to an computer crime incident.

I've had the privilege of attending classes instructed by both of these authors. One of the things that impressed me about their classes is that they were able to break down complicated technical concepts into terms that cops can understand. They continue to do that in this book.

Computer crime investigators need to add this book to their libraries. I'd say it's a must have.

7 of 7 people found the following review helpful:

5.0 out of 5 stars Great "How to" for network forensics and live captures, April 13, 2007

By	Thomas Hyslip - See all my reviews (REAL NAME)

I have been a federal agent and computer forensic examiner for over 10 years and this is the first book I have found that covers the areas of network forensics and live analysis techniques. Most books will cover how to conduct a standard forensic exam of a stand alone computer, but this book goes into detail on how to conduct forensic exams on networks and find the evidence left behind. I really learned a lot through the excellent screen captures and "how tos" that walk you through the process. The authors cover the forensic exam as well as the invetigation which is very helpful.

I highly recommend this book to anyone who works in the arena of computer crime, ecspecially intrusion investigations and computer forensics.

5 of 5 people found the following review helpful:

5.0 out of 5 stars A must have for network security administrators and computer/network crime investigators., April 21, 2007

By	Shea Tisdale - See all my reviews (REAL NAME)

This book skillfully combines real world network security with law enforcement investigative techniques to deliver a text which will enable you to make the right decisions based on the unique circumstances and facts of each event you are called on to investigate.

I consider this book a must have for anyone in network administration, network security or on a computer emergency response team. The techniques and information contained within are, without a doubt, missing from almost all other books and training you have received.