Operating system forensics
Operating System Forensics is the first book to cover all three critical operating systems for digital forensic investigations in one comprehensive reference. Users will learn how to conduct successful digital forensic examinations in Windows, Linux, and Mac OS, the methodologies used, key technical...
| Field | Value |
|---|---|
| Format: | Electronic book |
| Language: | English |
| Published: | Waltham, MA : Elsevier, [2016] |
| Edition: | First edition |
| View in Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009629995406719 |
Table of Contents:
- Cover; Title Page; Copyright Page; Dedication; Contents; Foreword; Preface
- Chapter 1 - Forensics and Operating Systems: Introduction; Forensics; Evidence Inclusion and Exclusion; Federal Rules of Evidence; Frye Versus Daubert; Evidence Handling; Operating Systems; Microsoft Windows; Linux; Graphical User Interface; File Systems; Mac OS X; Conclusions; Summary; Exercises; Bibliography
- Chapter 2 - File Systems: Introduction; Disk Geometry; Master Boot Record; Unified Extensible Firmware Interface; Windows File Systems; File Allocation Table (FAT); Partition Boot Sector; File Table; Root Directory; File Analysis; New Technology File System (NTFS); Alternate Data Streams; Volume Shadow Copy; Sparse Files; Resilient File System (ReFS); Linux File Systems; ext2; ext3/4; Apple File Systems; HFS+; Slack Space; Conclusions; Summary; Exercises; Bibliography
- Chapter 3 - Data and File Recovery: Introduction; Data Carving; Searching and Deleted Files; Slack Space and Sparse Files; Data Hiding; Time Stamps/Stomps; Time Lines; Volume Shadow Copies; Summary; Exercises; Bibliography
- Chapter 4 - Memory Forensics: Introduction; Real Memory and Addressing; Virtual Memory; Memory Layout; Data Structures; Windows; Mac OS X; Linux; Capturing Memory; Windows; Mac OS X; Linux; Analyzing Memory Captures; Page Files and Swap Space; Summary; Exercises; Bibliography
- Chapter 5 - System Configuration: Introduction; Windows; Registry Access; Registry Artifacts; Mac OS X; Linux; Summary; Exercises; Bibliography
- Chapter 6 - Web Browsing: Introduction; A Primer on Structured Query Language (SQL); Web Browsing; Google Chrome; Internet Explorer; Web Cache; Cookies; History; Safari; Messaging Services; E-mail; Conclusions; Exercises; Bibliography
- Chapter 7 - Tracking Artifacts: Introduction; Location Information; Networks and Location; Document Tracking; eXtensible Markup Language; Office Documents; PDF; Image Files; Shortcuts; Conclusions; Exercises
- Chapter 8 - Log Files: Introduction; Windows Event Logs; Windows Server Services; Parsing XML-based Log Files; Unix syslog; Application Logs; Mac OS X Logs; Security Logs; Firewall Logs; Windows Firewall Logs; Antivirus Logs; Auditing; Summary; Exercises
- Chapter 9 - Executable Programs: Introduction; Stacks and Heaps; Memory Space; Portable Executables; ProcMon; ProcExp; Sysmon; Prefetch; Linux Executable and Linkable Format (ELF); Apple OS X Application Bundles; .NET Common Language Runtime (CLR) / Java; Debugging/Disassembly; gdb/ddd; OllyDbg; Immunity Debugger; Decompilers; System Calls and Tracing; Finding the Program Impact; Playing Safely; Conclusions; Exercises; Bibliography
- Chapter 10 - Malware: Introduction; Malware Categories; Virus; Worm; Rootkit; Macro Virus; Trojan; Botnet; Construction Kits; Using Research; Getting Infected; Drive-by Attacks and Watering Holes; Code Injection and File Replacement; Droppers; Boot Infections; DLL Injection and API Hooking; Crypto Lockers and Ransomware; Staying Resident (Persistence)