Book title
Practical Windows Forensics

Leverage the power of digital forensics for Windows systems

Ayman Shaaban, Konstantin Sapronov

Paperback: 314 pages
Publisher: Packt
Edition: 1
Language: English
Year: 2016
ISBN: 9781783554096
Text quality: publisher's original
Trim size: B5
Page colour: colour, with borders / images

Description


Key Features

  • Build your own lab environment to analyze forensic data and practice techniques
  • Develop the key skills needed for performing forensic analysis on Windows-based systems using digital artifacts
  • Become proficient at analyzing forensic data and upgrade your existing knowledge with open source and Linux-based tools


Book Description

Over the past few years, the cybercrime wave has risen rapidly, with major attacks on government, military, financial, and media sectors. Tracking all these attacks and crimes requires an in-depth understanding of how operating systems work, how to extract data from digital evidence, and how to make the best use of digital forensic tools and techniques. This book will provide you with a detailed introduction to digital forensics, giving you the knowledge you need to assemble different types of evidence effectively, and walking you through the various stages of the analysis process.

This book starts by discussing the principles of the digital forensics process, and moves on to show you the approaches used to conduct analysis. You'll then study various tools to perform live analysis, and cover different techniques to analyze volatile and nonvolatile data. After this, you'll get to grips with data recovery, along with understanding FS analysis and performing registry analysis. Toward the concluding chapters, you'll get hands-on with building a forensic analyst environment, before working through interesting exercises to help reinforce your knowledge.

By the end of this book, you'll have developed the skills you need for performing forensic analysis on Windows-based systems.


What you will learn

  • Perform live analysis on victim or suspect Windows systems locally or remotely
  • Understand the different natures and acquisition techniques of volatile and nonvolatile data
  • Create a timeline of all the system actions to restore the history of an incident
  • Recover and analyze data from the file allocation table (FAT) and new technology file system (NTFS)
  • Make use of various tools to perform registry analysis
  • Track a system user's browser and e-mail activities to prove or refute hypotheses
  • Discover how to dump and analyze computer memory


Who this book is for

This book is for forensic analysts and professionals who want to develop skills in digital forensic analysis for the Windows platform. Prior experience of information security and forensic analysis will be useful.


Table of Contents

  1. The Foundations and Principles of Digital Forensics
  2. Incident Response and Live Analysis
  3. Volatile Data Collection
  4. Nonvolatile Data Acquisition
  5. Timeline
  6. Filesystem Analysis and Data Recovery
  7. Registry Analysis
  8. Event Log Analysis
  9. Windows Files
  10. Browser and E-mail Investigation
  11. Memory Forensics
  12. Network Forensics


About the Author

Ayman Shaaban (@aymanshaaban) is a digital forensics specialist with about 8 years of experience in the field. He worked in the Egyptian National CERT as a digital forensics engineer for almost 5 years before joining Kaspersky Lab as a security researcher. Throughout the course of his career, Ayman has provided analysis for cases with national and international scope, and delivered training on digital forensics for different high profile entities. He is a certified GSEC, GCIH, GCFA, and CFCE. He also has a BSc in Communication and Electronics, and is currently working on his Master's degree in Information Security. You can find him on LinkedIn.

Konstantin Sapronov joined Kaspersky Lab in 2000. He has been the Deputy Head of the Global Emergency Response Team since August 2011. He previously worked as a group manager with Virus Lab China, and has been responsible for establishing and developing the Virus Lab at Kaspersky Lab's office in China. Before this, Konstantin worked as a virus analyst and was the head of the Non-Intel Platform Group in the Virus Lab at Kaspersky Lab's HQ (Moscow), where he specialized in reverse engineering and in the analysis of malware, exploits, and vulnerabilities. He has authored several analytical articles on malware for UNIX and other information security topics.
