Windows Forensics Analyst Field Guide: Engage in proactive cyber defense using digital forensics techniques

In this digitally driven era, safeguarding against relentless cyber threats is non-negotiable. This guide will enable you to enhance your skills as a digital forensic examiner by introducing you to cyber challenges that besiege modern entities. It will help you to understand the indispensable role a...

Bibliographic Details
Other Authors: Mohammed, Muhiballah, author (author)
Format: E-book
Language: English
Published: Birmingham, UK : Packt Publishing Ltd 2023.
Edition: 1st edition
Subjects:
View at Biblioteca Universitat Ramon Llull: https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009781235806719
Table of Contents:
  • Cover
  • Title Page
  • Copyright and Credits
  • Contributors
  • Table of Contents
  • Preface
  • Part 1: Windows OS Forensics and Lab Preparation
  • Chapter 1: Introducing the Windows OS and Filesystems and Getting Prepar
  • Technical requirements
  • What is a Microsoft OS?
  • The modern Windows OS and filesystems
  • Windows XP
  • Windows Vista
  • Windows 7, 8 and 8.1
  • Windows 10
  • Digital forensics and common terminology
  • What is digital forensics?
  • Digital forensic terminology
  • The process of digital forensics
  • Digital evidence
  • Windows VSS
  • Preparing a lab environment
  • Exploring the main components of Windows
  • The kernel
  • Windows processes
  • Windows services
  • Device drivers
  • DLLs
  • The registry
  • The filesystem
  • Investigation methodology
  • Understanding Windows architecture
  • Looking at the memory acquisition tools
  • Using FTK Imager to capture memory
  • WinPmem
  • DumpIt
  • Belkasoft RAM Capturer
  • MAGNET RAM Capture
  • Using Volatility to analyze memory dumps and plugins
  • Volatility architecture
  • Volatility plugins
  • Volatility commands
  • Identifying the profile
  • The imageinfo plugin
  • The process list and tree
  • The netscan plugin
  • The hivescan and hivelist plugins
  • A brief overview of Volatility 3
  • Evidence collection and acquisition exercise
  • Summary
  • Chapter 4: The Windows Registry
  • Technical requirements
  • Windows Registry fundamentals
  • Why do we care about the Windows Registry?
  • Components of the Windows Registry
  • Windows Registry hierarchy
  • Windows Registry hives
  • HKLM
  • HKCU
  • HKCR
  • Windows Registry data types
  • User registry hives
  • NTUSER.DAT
  • UsrClass.dat
  • Windows Registry acquisition and analysis
  • regedit.exe and reg.exe
  • powershell.exe
  • Windows Registry acquisition
  • Windows Registry analysis tools
  • Registry Explorer
  • RegRipper
  • Registry Viewer
  • RECmd.exe
  • Windows Registry forensic analysis exercises
  • Summary
  • Chapter 5: User Profiling Using the Windows Registry
  • Profiling system details
  • Identifying the OS version
  • Identifying CurrentControlSet
  • Validating the computer name
  • Identifying time zones
  • Identifying services
  • Installed applications
  • The PrefetchParameters subkey
  • Network activities
  • Autostart registry keys
  • Profiling user activities
  • SAM registry hive
  • Domain and local user details
  • NTUSER.DAT