Windows Forensics: The Field Guide for Corporate Computer Investigations
Chapter 1: Windows Forensics
- CASE STUDY: THE MYSTERY TYPIST
Chapter 2: Processing the Digital Crime Scene
- CASE STUDY: UNAUTHORIZED NETWORK DEVICE
- CASE STUDY: REMOTE CORRUPTION
- EVIDENCE COLLECTION KIT
- CASE STUDY: ELECTRONIC DEVICE MISUSE
- SHUTDOWN, UNPLUG, OR ANALYZE LIVE
- EVIDENCE STORAGE
Chapter 3: Windows Forensics Basics
- THE WORM DID IT!
- WRITE BLOCKING
- FLOPPY DISK REPAIR
- TAPE BACKUP METHODS
- CD/DVD REPAIR
- CASE STUDY: MISSING USB KEY
- HARD DISK PASSWORDS
- RAID ARRAYS
Chapter 4: Partitions and File Systems
- WINDOWS BOOT PROCESS
- FIXING THE MBR
- SECURE DATA WIPING
- ALTERNATE DATA STREAMS
- BYPASSING NTFS PERMISSIONS
- SYMMETRIC AND PUBLIC KEY ENCRYPTION
- CASE STUDY: FTP HACKER
Chapter 5: Directory Structure and Special Files
- WINDOWS STARTUP INFORMATION
- ENVIRONMENT VARIABLES
- CASE STUDY: ALTERED HOSTS FILE
- SECURITY IDENTIFIERS
Chapter 6: The Registry
- WINDOWS REGISTRY FILE LOCATIONS
- CASE STUDY: CD BURNING
- AUTOSTART LOCATIONS
Chapter 8: Live System Analysis
- ORDER OF VOLATILITY
- WIRELESS MONITORING
- NETWORK TRAFFIC RECONSTRUCTION
- SNIFFER CABLE CONSTRUCTION
- ROOTKITS
Chapter 9: Forensic Duplication
- WRITE BLOCKING
- ENCASE ENTERPRISE
- CASE STUDY: MASS ACQUISITION
Chapter 10: File System Analysis
- REGULAR EXPRESSIONS
- HASH ALGORITHM SECURITY
- STEGANOGRAPHY
- FINDING COMPRESSED FILES
Chapter 11: Log File Analysis
- EVENT LOG CORRUPTION
- WINDOWS XP FIREWALL LOGS
- HTTP LOG SAMPLE
- CROSS SITE SCRIPTING AND SQL INJECTION
- CASE STUDY: PHISHING
Chapter 12: Internet Usage Analysis
- INTERNET-ACCEPTABLE USAGE POLICY
Chapter 13: Email Investigations
- CASE STUDY: INAPPROPRIATE EMAIL USAGE
- USENET AND NNTP
- CASE STUDY: ACCIDENTAL DISCLOSURE
- EMAIL HEADERS