Windows Forensics: Understand Analysis Techniques for Your Windows

This book is your comprehensive guide to Windows forensics. It covers the process of conducting or performing a forensic investigation of systems that run on Windows operating systems. It also includes analysis of incident response, recovery, and auditing of equipment used in executing any criminal activity.

The book covers the Windows Registry, architecture, and systems as well as forensic techniques, along with coverage of how to write reports, legal standards, and how to testify. It starts with an introduction to Windows followed by forensic concepts and methods of creating forensic images. You will learn Windows file artefacts along with Windows Registry and Windows memory forensics. And you will learn to work with PowerShell scripting for forensic applications and Windows email forensics. Microsoft Azure and cloud forensics are discussed and you will learn how to extract from the cloud. By the end of the book you will know data-hiding techniques in Windows and learn about Volatility and a Windows Registry cheat sheet.





What Will You Learn

Understand Windows architecture
Recover deleted files from Windows and the recycle bin
Use Volatility and PassMark Volatility Workbench
Utilize Windows PowerShell scripting for forensic applications




Who This Book Is For

Windows administrators, forensics practitioners, and those wanting to enter the field of digital forensics

599 pages, Kindle Edition

Published May 29, 2024

2 people are currently reading

About the author

Chuck Easttom

59 books, 7 followers

Chuck Easttom is an internationally renowned computer security expert and trainer. He has been in the IT industry for over 18 years and training for over 10. He has conducted numerous computer security courses over the past decade, most notably for the Secret Service Electronic Crimes Task Force. Students in his classes often include network administrators, corporate chief security officers (CSOs), federal agents, local law enforcement, military personnel, and Department of Defense contractors. He also has a master’s degree in education as well as a master’s of business administration (specialized in applied computer science) and has been named to both Who’s Who in Education and Who’s Who in Science and Technology. He holds over 28 industry certifications including prominent computer security certifications such as CHFI, CISSP, ISSAP, and CEH. In addition to his many certifications he is a Microsoft Certified Trainer and an EC-Council certified instructor.

He was part of the teams that created the CompTIA Security+ certification test, as well as their Server+ and Linux+ certification tests. He was also part of the CEH version 8 job task analysis team. Chuck also created the EC-Council's CAST 615 cryptography course as well as their new Certified Encryption Specialist certification course.


He is the author of 15 computer science books including two computer security textbooks from Pearson publishing that are used at universities around the world. He is also the author of a book specifically on computer crime from Cengage publishing, and most recently a computer forensics textbook from Jones and Bartlett publishing.

Chuck has been a speaker on various computer security related topics including the following: the Harvard Computer Society (topic: the history of computer crime), Columbia University ACM Chapter (topic: the history of computer viruses), Takedown con (multiple topics, all related to cryptography), Hacker Halted (topic: cryptography), and the Southern Methodist University Computer Science and Engineering research colloquium (topic: organized computer crime and terrorism).

Ratings & Reviews

Community Reviews

5 stars: 0 (0%)
4 stars: 1 (100%)
3 stars: 0 (0%)
2 stars: 0 (0%)
1 star: 0 (0%)
No one has reviewed this book yet.
