Rating:
(4 reviews)
Author: Chad Steel
ISBN : 0470038624
New from $19.55
Format: PDF
Download file now Free Windows Forensics: The Field Guide for Corporate Computer Investigations [Paperback] from 4shared, mediafire, hotfile, and mirror link
The evidence is in--to solve Windows crime, you need Windows tools
An arcane pursuit a decade ago, forensic science today is a household term. And while the computer forensic analyst may not lead as exciting a life as TV's CSIs do, he or she relies just as heavily on scientific principles and just as surely solves crime.
Whether you are contemplating a career in this growing field or are already an analyst in a Unix/Linux environment, this book prepares you to combat computer crime in the Windows world. Here are the tools to help you recover sabotaged files, track down the source of threatening e-mails, investigate industrial espionage, and expose computer criminals.
* Identify evidence of fraud, electronic theft, and employee Internet abuse
* Investigate crime related to instant messaging, Lotus Notes(r), and increasingly popular browsers such as Firefox(r)
* Learn what it takes to become a computer forensics analyst
* Take advantage of sample forms and layouts as well as case studies
* Protect the integrity of evidence
* Compile a forensic response toolkit
* Assess and analyze damage from computer crime and process the crime scene
* Develop a structure for effectively conducting investigations
* Discover how to locate evidence in the Windows Registry
Books with free ebook downloads available Free Windows Forensics: The Field Guide for Corporate Computer Investigations [Paperback]
- Paperback: 408 pages
- Publisher: Wiley; 1 edition (May 15, 2006)
- Language: English
- ISBN-10: 0470038624
- ISBN-13: 978-0470038628
- Product Dimensions: 0.9 x 7.4 x 9.1 inches
- Shipping Weight: 1.3 pounds (View shipping rates and policies)
Free Windows Forensics: The Field Guide for Corporate Computer Investigations
I decided to read and review three digital forensics books in order to gauge their strengths and weaknesses: "File System Forensic Analysis" (FSFA) by Brian Carrier, "Windows Forensics" (WF) by Chad Steel, and "EnCase Computer Forensics" (ECF) by Steve Bunting and William Wei. All three books contain the word "forensics" in the title, but they are very different. If you want authoritative and deeply technical guidance on understanding file systems, read FSFA. If you want to focus on understanding Windows from an investigator's standpoint, read WA. If you want to know more about EnCase (and are willing to tolerate or ignore information about forensics itself), read ECF.
In the spirit of full disclosure I should mention I am co-author of a forensics book ("Real Digital Forensics") and Brian Carrier cites my book "The Tao of Network Security Monitoring" on p 10. I tried to not let those facts sway my reviews.
WF is a great guide to forensic investigation of Windows. By this I mean WF presents Windows from the perspective of the important directories, files, and registry entries that help an analyst discover malfeasance. WF also covers some of the core applications one would expect to review during host-based forensics, like email, Web browsing history, and P2P application usage. I expected coverage of popular Windows application formats relevant to investigations, like .doc, .ppt, and .xls, but those were missing.
WF addresses the core operational aspects of host-centric forensics, like forming a team and acquiring evidence from live and dead targets.