Enter your mobile number or email address below and we'll send you a link to download the free Kindle App. Then you can start reading Kindle books on your smartphone, tablet, or computer - no Kindle device required.

  • Apple
  • Android
  • Windows Phone
  • Android

To get the free app, enter your mobile phone number.

Windows Forensic Analysis Toolkit, Third Edition: Advanced Analysis Techniques for Windows 7 3rd Edition

4.8 out of 5 stars 14 customer reviews
ISBN-13: 978-1597497275
ISBN-10: 1597497274
Why is ISBN important?
This bar-code number lets you verify that you're getting exactly the right version or edition of a book. The 13-digit and 10-digit formats both work.
Scan an ISBN with your phone
Use the Amazon App to scan ISBNs and compare prices.
Trade in your item
Get a $6.44
Gift Card.
Have one to sell? Sell on Amazon
Buy used On clicking this link, a new layer will be open
$29.95 On clicking this link, a new layer will be open
Buy new On clicking this link, a new layer will be open
$59.91 On clicking this link, a new layer will be open
More Buying Choices
24 New from $29.95 26 Used from $29.93
$59.91 FREE Shipping. In stock but may require an extra 1-2 days to process. Ships from and sold by Amazon.com. Gift-wrap available.
click to open popover

Frequently Bought Together

  • Windows Forensic Analysis Toolkit, Third Edition: Advanced Analysis Techniques for Windows 7
  • +
  • Windows Forensic Analysis Toolkit, Fourth Edition: Advanced Analysis Techniques for Windows 8
  • +
  • File System Forensic Analysis
Total price: $175.71
Buy the selected items together

Editorial Reviews

Amazon.com Review

Amazon Exclusive: A Letter from Harlan Carvey, author of Windows Forensic Analysis Toolkit, 3rd Edition
Harlan Carvey

Dear Amazon Readers,

I am not an expert. I really, enthusiastically enjoy performing digital forensic analysis of Windows systems and will get up early (for me…"early" is a relative term) to work on an examination. I enjoy not just finding new things in my analysis, but finding new combinations of things, looking for those hidden patterns to jump out of the data. I enjoy writing code to parse the binary contents of a file so that I can then see how the various teeth of the operating system and application gears mesh together, and in seeing what primary, secondary, and tertiary artifacts are left by various events that occur on a system.

When I first started writing books, I did so because I could not find something that would fit what I saw as my needs. Sure, there were books available that covered some aspects of digital forensic analysis of Windows systems, but there wasn't anything available that really went into depth on analyzing Windows as a system of interconnected components. There were books that covered some of the really obvious indications of an intrusion or malware infection, but how often are our examinations really about finding the obvious artifacts? I knew I couldn't be the only one looking for something like this, and writing a book not only provided a reference for myself and others, but the act of writing required me to polish and hone my thoughts. I hope you enjoy the finished product, and that it leads you beyond the obvious.

I hope you find my attempt to contribute to the digital forensics analysis community to be useful and thought-provoking. Thank you.

--Harlan Carvey


"Harlan has done it again! Continuing in the tradition of excellence established by the previous editions, Windows Forensics Analysis Toolkit 3e is an indispensable resource for any forensic examiner. Whether you're a seasoned veteran or just starting out, this work is required reading. WFA3e will maintain a perennial spot on my core reference bookshelf!"--Cory Altheide, Google

"Windows Forensic Analysis Toolkit 3rd Edition provides a wealth of important information for new and old practitioners alike. Not only does it provide a great overview of artifacts of interest on Windows 7 systems, but it also presents plenty of technology independent concepts that play an important role in any investigation. Feel free to place a copy on your shelf next to WFA 2ed and WRF."--Digital4rensics.com

"The third edition of this reference for system administrators, digital forensic analysts, students, and law enforcement does not replace the second edition, but rather serves as a companion. Coverage encompasses areas such as immediate response, volume shadow copies, file and registry analysis, malware detection, and application analysis. Learning features include b&w screenshots, tip and warning boxes, code (also available on a website), case studies, and 'war stories' from the field. The tools described throughout the book are written in the Perl scripting language, but readers don't need to be experts in Perl, and most of the scripts are accompanied by Windows executables found online. For this third edition, a companion website provides printable checklists, cheat sheets, custom tools, and demos."--Reference and Research Book News, Inc.

"There is a good reason behind the success of the previous editions of this book, and it has to do with two things: new Windows versions are different enough from previous ones to warrant a new edition and, most importantly, the author is simply that good at explaining things. This edition is no different."--HelpNetSecurity