Computer Forensic Examination


Windows Forensics and Incident Recovery

By Harlan Carvey
Paperback / July 2004 / 0321200985

Table of Contents / Index / Examples

Copyright
Praise for Windows Forensics and Incident Recovery
About the Author
Preface

Chapter 1. Introduction
    Definitions
    Intended Audience
    Book Layout
    Defining the Issue
    Purpose
    Real Incidents
    Where To Go For More Information
    Conclusion

Chapter 2. How Incidents Occur
    Definitions
    Purpose
    Incidents
    Lowest Common Denominator
    Attacks Are Easy
    Summary

Chapter 3. Data Hiding
    File Attributes
    The Hidden Attribute
    File Signatures
    File Times
    File Segmentation
    File Binding
    NTFS Alternate Data Streams
    Hiding Data in the Registry
    Office Documents
    OLE Structured Storage
    Steganography
    Summary

Chapter 4. Incident Preparation
    Perimeter Devices
    Host Configuration
    Group Policies
    Getting Under the Hood
    Patch Management
    Anti-Virus
    Monitoring
    Summary

Chapter 5. Incident Response Tools
    Definitions
    Tools for Collecting Volatile Information
    Tools for Collecting Non-Volatile Information
    Tools for Analyzing Files
    Summary

Chapter 6. Developing a Methodology
    Introduction
    Prologue
    First Dream
    Second Dream
    Third Dream
    Fourth Dream
    Fifth Dream
    Summary

Chapter 7. Knowing What to Look For
    Investigation Overview
    Infection Vectors
    Malware Footprints and Persistence
    Rootkits
    Detecting Rootkits
    Summary

Chapter 8. Using the Forensic Server Project
    The Forensic Server Project
    Collecting Data Using FSP
    Correlating and Analyzing Data Using FSP
    Future Directions of the Forensic Server Project
    Summary

Chapter 9. Scanners and Sniffers
    Port Scanners
    Network Sniffers
    Summary

Appendix A. Installing Perl on Windows
    Installing Perl and Perl Modules
    Perl Editors
    Running Perl Scripts
    Setting Up Perl for Use with this Book
    Summary

Appendix B. Web Sites
    Searching
    Sites for Information about Windows
    Anti-Virus Sites
    Program Sites
    Security Information Sites
    Perl Programming and Code Sites
    General Reading

Appendix C. Answers to Chapter 9 Questions
    FTP Traffic Capture
    Netcat Traffic Capture
    Null Session Traffic Capture
    IIS Traffic Capture
    Nmap Traffic Capture

Appendix D. CD-ROM Contents
    What's on the CD
    Article
    CD-ROM Warranty

Index
