Overview

Praise for Windows Forensics and Incident Recovery

Windows Forensics and Incident Recovery doesn't just discuss forensics, it also includes tools for analysis and shows readers how to use them. I look forward to putting these tools through their paces, and I recommend Carvey's book as a terrific addition to the security professional's bookshelf.
Warren G. Kruse II, Partner, Computer Forensic Services, LLC

This book is a good reference for the tools needed to prepare for, respond to, and confirm a Windows-based computer incident.
Brian Carrier, Digital forensics researcher

This book provides a unique 'command-line centric' view of Microsoft and non-Microsoft tools that can be very helpful to folks responsible for security and system administration on the Windows platform.
Vishwas Lele, principal architect, Applied Information Sciences, Inc.

Harlan Carvey's book serves as a great resource for investigators and systems administrators looking to peek under the hoods of their Windows systems.
Jason Chan, security consultant, @stake

Regardless of what you know already, you are guaranteed to learn something new about Windows incident response from this book.
Brian Behler, computer forensics and intrusion analyst/engineer

Harlan Carvey's vast security and forensics experience shows through in all facets of this work. Many books have attempted to be the prescriptive guide to forensics on the Windows platform. This book not only attempts it, but it succeeds with guidance to spare.
Rick Kingslan, Microsoft MVP, West Corporation

This book is the first to bring together into a single volume the topics of malicious code, incident response, and forensics on the Windows platform. Mr. Carvey's work should serve as a valuable reference for any Windows system administrator or security professional.
Jennifer Kolde, information security consultant, author, and instructor

Harlan Carvey's book is a one-of-a-kind approach to do-it-yourself Windows forensics.
With detailed and illustrative examples coupled with Harlan's renowned Perl scripts, this book certainly is a great find.
Mark Burnett, security consultant and author

If you're responsible for protecting Windows systems, firewalls and anti-virus are not enough. You also need to master incident response, recovery, and auditing. Leading Windows security expert and instructor Harlan Carvey offers a start-to-finish guide to the subject: everything administrators must know to recognize and respond to virtually any attack. Drawing on his widely acclaimed course, Carvey uses real-world examples to cover every significant incident response, recovery, and forensics technique. He delivers a complete incident response toolset that combines today's best open source and freeware tools, his own exclusive software and scripts, and step-by-step instructions for using them. This book's tools and techniques apply to every current and professional version of Windows: NT, 2000, XP, and Windows Server 2003.

Coverage includes:

CD-ROM contains incident response and forensics toolkit code developed by the author, sample network packet captures, as well as data collected from compromised systems using the Forensic Server Project. You can also access Carvey's website at http://www.windows-ir.com for code samples, updates, and errata.

Harlan Carvey is an instructor and course developer. He developed curriculum for a two-day, hands-on course addressing incident response and live forensics in the Windows environment. This course is extremely technical in nature and kept continually up to date. In addition, Carvey is a network and computer security engineer in the Metro DC area. He provides expertise in securing, monitoring, and incident response in the Windows infrastructure. Harlan has presented at USENIX, DefCon9, Black Hat, GMU2003 on various topics specific to issues on Windows platforms, such as data hiding.
He has had articles published in the Information Security Bulletin and on the Security Focus website.

Full Product Details

Author: Harlan Carvey
Publisher: Pearson Education (US)
Imprint: Addison-Wesley Educational Publishers Inc
Dimensions: Width: 17.80cm, Height: 3.20cm, Length: 23.60cm
Weight: 0.948kg
ISBN: 9780321200983
ISBN 10: 0321200985
Pages: 480
Publication Date: 05 August 2004
Audience: College/higher education, Tertiary & Higher Education
Format: Mixed media product
Publisher's Status: Out of Print
Availability: Out of stock

Author Information

Harlan Carvey's interest in computer and information security began while he was an officer in the U.S. military, during which time he earned his master's degree in Electrical Engineering. After leaving military service, he began working in the field of commercial and government information security consulting, performing vulnerability assessments and penetration tests. While employed at one company, he was the sole developer of a program for collecting security-specific information (i.e., Registry entries, file information, configuration settings, etc.) from Windows NT systems during vulnerability assessments. The purpose of the product was to overcome shortfalls in commercial scanning products and provide more valuable information to the customer. Harlan has also done considerable work in the area of incident response and forensics, performing internal and external investigations. He has also written a number of proof-of-concept tools for educating users in such topics as Windows null sessions, file signature analysis, and the retrieval of metadata from a variety of files. Harlan's experience with computers began in the early '80s, with a Timex-Sinclair 1000. Around that time, he was learning to program BASIC on an Apple IIe. From there, he moved on to computers such as the Epson QX-10 and the TRS-80, on which he programmed BASIC and learned PASCAL, using the TurboPASCAL compiler.
Since then, he's worked with SunOS and Solaris systems, as well as various versions of DOS and Windows, OS/2, and Linux. Harlan has presented at Usenix, DefCon9, Black Hat, GMU2003 on various topics specific to issues on Windows platforms, such as data hiding. He has had articles published in the Information Security Bulletin and on the SecurityFocus web site.

Countries Available: All regions