Windows Forensic Analysis Toolkit, Fourth Edition: Advanced Analysis Techniques for Windows 8 4th Edition

4.3 out of 5 stars 12 customer reviews
ISBN-13: 978-0124171572
ISBN-10: 0124171575


Editorial Reviews

Review

"... this book is well written and easy to read…has some material of interest to experts…"--Computing Reviews, Windows Forensic Analysis Toolkit, 4th Edition

"...technical detail is extensive here and those real-world examples mentioned earlier are worked through in intricate detail. You will definitely want to try this at home…" -Network Security, Nov 2014

About the Author

Harlan Carvey is a senior information security researcher with the Dell SecureWorks Counter Threat Unit - Special Ops (CTU-SO) team, where his efforts are focused on targeted threat hunting, response, and research. He continues to maintain a passion and focus in analyzing Windows systems, and in particular, the Windows Registry.

Harlan is an accomplished author, public speaker, and open source tool author. He dabbles in other activities, including home brewing and horseback riding. As a result, he has become quite adept at backing up and parking a horse trailer.

Harlan earned a bachelor’s degree in electrical engineering from the Virginia Military Institute, and a master’s degree in the same discipline from the Naval Postgraduate School. He served in the United States Marine Corps, achieving the rank of captain before departing the service. He resides in Northern Virginia with his family.

Product Details

  • Paperback: 350 pages
  • Publisher: Syngress; 4 edition (April 10, 2014)
  • Language: English
  • ISBN-10: 0124171575
  • ISBN-13: 978-0124171572
  • Product Dimensions: 7.5 x 0.8 x 9.2 inches
  • Shipping Weight: 1.5 pounds
  • Average Customer Review: 4.3 out of 5 stars (12 customer reviews)
  • Amazon Best Sellers Rank: #104,507 in Books

Customer Reviews

Top Customer Reviews

Format: Kindle Edition Verified Purchase
I am a fan of Harlan's books and we even carry them in the SANS bookstore at conference events as recommended reading by SANS instructors. His last book "Windows Forensic Analysis: Advanced Analysis Techniques for Windows 7" was a wonderful rewrite and included many new artifacts found on Windows 7 including jumplists, volume shadow copy, and many new registry keys.

This new book is basically a reprint of his previous book based on Windows 7 with some brief mentions of Windows 8 artifacts. Harlan does mention this fact even in the book, but I feel the title is a bit misleading especially if you have a copy of his previous book.

If you have already purchased his 3rd edition book, I would pass on this book until more Windows 8 artifacts are detailed in full. Having read the book in full including the last two new chapters, it does include some brief new artifacts for Windows 8, but not enough to warrant spending the money to update your library at this point.

The book is great if the majority of your analysis is on Windows 7 systems. If you don't have a copy of the 3rd edition, then this book is a great addition to your forensics library. However, due to the misleading title "Advanced Analysis Techniques for Windows 8," I cannot rate the version of the book any higher.
Format: Paperback
This book is well written, full of tips, and teaches the methodology of forensic examinations rather than just “go look here for this artifact”. Case in point is the Timeline chapter. This chapter does a great job of explaining the benefits of creating a timeline, and even walks the reader through the process using a Windows XP image.

The chapter on report writing was extremely helpful. In my experience, this is one area that many examiners may struggle with, because without a way to communicate the findings, the analysis is for naught. This chapter not only covers the report writing process with examples, but also covers how to take detailed case notes. Although I have been writing reports for a while, there were still quite a few “ah ha” moments for me.

If you have any of his previous books, and are wondering if the new edition is worth the extra expense and time, I would say a resounding “Yes”. There is new content such as the Correlating Artifacts chapter and the Reports chapter. It has also been updated with some real life case examples that help drive home the points. If you’re new to Harlan’s series, I think this book is a great place to start. In addition to the newer operating systems, this book also covers XP, Server 2003 and Vista.

It may also be a minor point, but I also like the fact that Harlan uses the pronoun “she” and not always “he” when talking about examiners.

I do have to say that Windows Forensics Analysis 2E is still one of my favorites, but that is probably because it was one of my first forensic books and has all my notes still in it :-)
Format: Paperback Verified Purchase
I must state at the onset - This is a great digital forensics book.
This book as both a knowledge-builder and go-to desk-reference is a formidable and useful work.

It is very well written and well attributed. If I had to take one book about Windows 8 with me to Bezerkistan in order to complete a WIN 8 digital forensics mission. This Windows Forensics Analysis Tool Kit - is it.

I admire Harlan's technical forensics skills, understanding about limitations of the forensics practice and his excellence in writing. This is a "must have" for digital forensics professionals. If you are in the digital forensics - business - get this book - read it - use it.
Format: Paperback Verified Purchase
I had to buy this book for a third/fourth-year forensics course, the one where we perfect the collection of evidence and the writing of digital forensics reports. I would like to give this book four-and-a-half stars for information, but I deducted over a star for the editing errors. I do not know what it is about computer manuals, but of all the books I have had to read during the last seven years of school--including books on accounting, criminal justice, psychology, math, English literature, creative writing, and humanities--the computer manuals sit at the very bottom regarding grammar and punctuation. The glaring errors make it very hard for me to concentrate.

One might think this is a trivial concern, but in fact grammar is exceedingly important to a computer forensic major. We have to match pronouns to antecedents. We have to know about the possessive gerund. We must understand where commas go and understand the difference between colons and semicolons. We have to avoid certain tenses of being, staying mostly in direct past tense. We cannot use first-person speech. We must avoid contractions, and so on. While some of these directives can be ignored in the writing of textbooks and manuals, such as using contractions and even using the first person, a computer forensic professional must adhere to the basics of good grammar. The author and line editors of this book did not match pronouns to antecedents, and they did not use possessive nouns in front of gerunds. They used semicolons where colons would have gone. And I cannot even go into the misuse of comma placement.