If you want to know the secrets to incident response and investigating cyber crime on Windows systems, this is THE book and DVD package!

Windows Forensic Analysis DVD Toolkit, Second Edition, is a completely updated and expanded version of Harlan Carvey's best-selling forensics book on incident response and investigating cybercrime on Windows systems. With this book, you will learn how to analyze data during live and post-mortem investigations.New to this edition is Forensic Analysis on a Budget, which collects freely available tools that are essential for small labs, state (or below) law enforcement, and educational organizations. The book also includes new pedagogical elements, Lessons from the Field, Case Studies, and War Stories that present real-life experiences by an expert in the trenches, making the material real and showing the why behind the how. The companion DVD contains significant, and unique, materials (movies, spreadsheet, code, etc.) not available anyplace else because they were created by the author.This book will appeal to digital forensic investigators, IT security professionals, engineers, and system administrators as well as students and consultants. - Best-Selling Windows Digital Forensic book completely updated in this 2nd Edition - Learn how to Analyze Data During Live and Post-Mortem Investigations - DVD Includes Custom Tools, Updated Code, Movies, and Spreadsheets

Harlan Carvey has updated Windows Forensic Analysis Toolkit, now in its fourth edition, to cover Windows 8 systems. The primary focus of this edition is on analyzing Windows 8 systems and processes using free and open-source tools. The book covers live response, file analysis, malware detection, timeline, and much more. Harlan Carvey presents real-life experiences from the trenches, making the material realistic and showing the why behind the how. The companion and toolkit materials are hosted online. This material consists of electronic printable checklists, cheat sheets, free custom tools, and walk-through demos. This edition complements Windows Forensic Analysis Toolkit, Second Edition, which focuses primarily on XP, and Windows Forensic Analysis Toolkit, Third Edition, which focuses primarily on Windows 7. This new fourth edition provides expanded coverage of many topics beyond Windows 8 as well, including new cradle-to-grave case examples, USB device analysis, hacking and intrusion cases, and "how would I do this" from Harlan's personal case files and questions he has received from readers. The fourth edition also includes an all-new chapter on reporting. - Complete coverage and examples of Windows 8 systems - Contains lessons from the field, case studies, and war stories - Companion online toolkit material, including electronic printable checklists, cheat sheets, custom tools, and walk-throughs

Windows Registry Forensics provides the background of the Windows Registry to help develop an understanding of the binary structure of Registry hive files. Approaches to live response and analysis are included, and tools and techniques for postmortem analysis are discussed at length. Tools and techniques are presented that take the student and analyst beyond the current use of viewers and into real analysis of data contained in the Registry, demonstrating the forensic value of the Registry. Named a 2011 Best Digital Forensics Book by InfoSec Reviews, this book is packed with real-world examples using freely available open source tools. It also includes case studies and a CD containing code and author-created tools discussed in the book. This book will appeal to computer forensic and incident response professionals, including federal government and commercial/private sector contractors, consultants, etc. - Named a 2011 Best Digital Forensics Book by InfoSec Reviews - Packed with real-world examples using freely available open source tools - Deep explanation and understanding of the Windows Registry – the most difficult part of Windows to analyze forensically - Includes a CD containing code and author-created tools discussed in the book

This book provides digital forensic investigators, security professionals, and law enforcement with all of the information, tools, and utilities required to conduct forensic investigations of computers running any variant of the Macintosh OS X operating system, as well as the almost ubiquitous iPod and iPhone. Digital forensic investigators and security professionals subsequently can use data gathered from these devices to aid in the prosecution of criminal cases, litigate civil cases, audit adherence to federal regulatory compliance issues, and identify breech of corporate and government usage policies on networks. MAC Disks, Partitioning, and HFS+ File System Manage multiple partitions on a disk, and understand how the operating system stores data. FileVault and Time Machine Decrypt locked FileVault files and restore files backed up with Leopard's Time Machine. Recovering Browser History Uncover traces of Web-surfing activity in Safari with Web cache and .plist files Recovering Email Artifacts, iChat, and Other Chat Logs Expose communications data in iChat, Address Book, Apple's Mail, MobileMe, and Web-based email. Locating and Recovering Photos Use iPhoto, Spotlight, and shadow files to find artifacts pof photos (e.g., thumbnails) when the originals no longer exist. Finding and Recovering QuickTime Movies and Other Video Understand video file formats--created with iSight, iMovie, or another application--and how to find them. PDF, Word, and Other Document Recovery Recover text documents and metadata with Microsoft Office, OpenOffice, Entourage, Adobe PDF, or other formats. Forensic Acquisition and Analysis of an iPod Documentseizure of an iPod model and analyze the iPod image file and artifacts on a Mac. Forensic Acquisition and Analysis of an iPhone Acquire a physical image of an iPhone or iPod Touch and safely analyze without jailbreaking. - Includes Unique Information about Mac OS X, iPod, iMac, and iPhone Forensic Analysis Unavailable Anywhere Else - Authors Are Pioneering Researchers in the Field of Macintosh Forensics, with Combined Experience in Law Enforcement, Military, and Corporate Forensics

iOS Forensic Analysis provides an in-depth look at investigative processes for the iPhone, iPod Touch, and iPad devices. The methods and procedures outlined in the book can be taken into any courtroom. With never-before-published iOS information and data sets that are new and evolving, this book gives the examiner and investigator the knowledge to complete a full device examination that will be credible and accepted in the forensic community.

This book addresses topics in the area of forensic analysis of systems running on variants of the UNIX operating system, which is the choice of hackers for their attack platforms. According to a 2007 IDC report, UNIX servers account for the second-largest segment of spending (behind Windows) in the worldwide server market with $4.2 billion in 2Q07, representing 31.7% of corporate server spending. UNIX systems have not been analyzed to any significant depth largely due to a lack of understanding on the part of the investigator, an understanding and knowledge base that has been achieved by the attacker. The book begins with a chapter to describe why and how the book was written, and for whom, and then immediately begins addressing the issues of live response (volatile) data collection and analysis. The book continues by addressing issues of collecting and analyzing the contents of physical memory (i.e., RAM). The following chapters address /proc analysis, revealing the wealth of significant evidence, and analysis of files created by or on UNIX systems. Then the book addresses the underground world of UNIX hacking and reveals methods and techniques used by hackers, malware coders, and anti-forensic developers. The book then illustrates to the investigator how to analyze these files and extract the information they need to perform a comprehensive forensic analysis. The final chapter includes a detailed discussion of loadable kernel Modules and malware. Throughout the book the author provides a wealth of unique information, providing tools, techniques and information that won't be found anywhere else. - This book contains information about UNIX forensic analysis that is not available anywhere else. Much of the information is a result of the author's own unique research and work. - The authors have the combined experience of law enforcement, military, and corporate forensics. This unique perspective makes this book attractive to all forensic investigators.

Memory forensics provides cutting edge technology to help investigate digital attacks Memory forensics is the art of analyzing computer memory (RAM) to solve digital crimes. As a follow-up to the best seller Malware Analyst's Cookbook, experts in the fields of malware, security, and digital forensics bring you a step-by-step guide to memory forensics—now the most sought after skill in the digital forensics and incident response fields. Beginning with introductory concepts and moving toward the advanced, The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory is based on a five day training course that the authors have presented to hundreds of students. It is the only book on the market that focuses exclusively on memory forensics and how to deploy such techniques properly. Discover memory forensics techniques: How volatile memory analysis improves digital investigations Proper investigative steps for detecting stealth malware and advanced threats How to use free, open source tools for conducting thorough memory forensics Ways to acquire memory from suspect systems in a forensically sound manner The next era of malware and security breaches are more sophisticated and targeted, and the volatile memory of a computer is often overlooked or destroyed as part of the incident response process. The Art of Memory Forensics explains the latest technological innovations in digital forensics to help bridge this gap. It covers the most popular and recently released versions of Windows, Linux, and Mac, including both the 32 and 64-bit editions.