Windows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 8 (Anglais) Broché – 27 mars 2014
|Neuf à partir de||Occasion à partir de|
Les clients ayant acheté cet article ont également acheté
Descriptions du produit
Revue de presse
"... this book is well written and easy to read…has some material of interest to experts…"--Computing Reviews, Windows Forensic Analysis Toolkit, 4th Edition
"...technical detail is extensive here and those realworld examples mentioned earlier are worked through in intricate detail. You will definitely want to try this at home…" -Network Security, Nov 2014
Présentation de l'éditeur
Harlan Carvey has updated Windows Forensic Analysis Toolkit, now in its fourth edition, to cover Windows 8 systems. The primary focus of this edition is on analyzing Windows 8 systems and processes using free and open-source tools. The book covers live response, file analysis, malware detection, timeline, and much more. Harlan Carvey presents real-life experiences from the trenches, making the material realistic and showing the why behind the how.
The companion and toolkit materials are hosted online. This material consists of electronic printable checklists, cheat sheets, free custom tools, and walk-through demos. This edition complements Windows Forensic Analysis Toolkit, Second Edition, which focuses primarily on XP, and Windows Forensic Analysis Toolkit, Third Edition, which focuses primarily on Windows 7.
This new fourth edition provides expanded coverage of many topics beyond Windows 8 as well, including new cradle-to-grave case examples, USB device analysis, hacking and intrusion cases, and "how would I do this" from Harlan's personal case files and questions he has received from readers. The fourth edition also includes an all-new chapter on reporting.
- Complete coverage and examples of Windows 8 systems
- Contains lessons from the field, case studies, and war stories
- Companion online toolkit material, including electronic printable checklists, cheat sheets, custom tools, and walk-throughs
Aucun appareil Kindle n'est requis. Téléchargez l'une des applis Kindle gratuites et commencez à lire les livres Kindle sur votre smartphone, tablette ou ordinateur.
Pour obtenir l'appli gratuite, saisissez votre adresse e-mail ou numéro de téléphone mobile.
Détails sur le produit
En savoir plus sur l'auteur
Dans ce livre(En savoir plus)
Quels sont les autres articles que les clients achètent après avoir regardé cet article?
Commentaires en ligne
Commentaires client les plus utiles sur Amazon.com (beta)
This new book, is basically a reprint of his previous book based on Windows 7 with some brief mentions of Windows 8 artifacts. Harlan does mention this fact even in the book, but I feel the title is a bit misleading especially if you have a copy of his previous book.
If you have already purchased his 3rd edition book, I would pass on this book until more Windows 8 artifacts are detailed in full. Having read the book in full including the last two new chapters, it does include some brief new artifacts for Windows 8, but not enough to warrant spending the money to update your library at this point.
The book is great if the majority of your analysis is on Windows 7 systems. If you don't have a copy of the 3rd edition, then this book is a great addition to your forensics library. However, due the the misleading title "Advanced Analysis Techniques for Windows 8," I cannot rate the version of the book any higher.
The chapter on report writing was extremely helpful. In my experience, this is one area that many examiners may struggle with, because without a way to communicate the findings, the analysis is for not. This chapter not only covers the report writing process with examples, but also covers how to take detailed case notes. Although I have been writing reports for a while, there were still quite a few “ah ha” moments for me.
If you have any of his previous books, and are wondering if the new edition is worth the extra expense and time, I would say a resounding “Yes”. There is new content such as the Correlating Artifacts chapter and the Reports chapter. It has also been updated with some real life case examples that help drive home the points. If you’re new to Harlan’s series, I think this book is a great place to start. In addition to the newer operating systems, this book also covers XP, Sever 2003 and Vista.
It may also be a minor point, but I also like that fact that Harlan uses the pronoun “she” and not always “he” when talking about examiners.
I do have to say that Windows Forensics Analysis 2E is still one of my favorites, but that is probably because it was one of my first forensic books and has all my notes still in it :-)
This book as both an knowledge-builder and go-to desk-reference is a formidable and useful work.
It is very well written and well attributed. If i had to take one book about Windows 8 with me to Bezerkistan in order to complete an WIN 8 digital forensics mission. This Windows Forensics Analysis Tool Kit - is it.
I admire Harlan's technical forensics skills, understanding about limitations the forensics practice and his excellence in writing. This is a "must have" for digital forensics professionals. If you are in the digital forensics - business - get this book - read it - use it.
One might think this is a trivial concern, but in fact grammar is exceedingly important to a computer forensic major. We have to match pronouns to antecedents. We have to know about the possessive gerund. We must understand where commas go and understand the difference between colons and semicolons. We have to avoid certain tenses of being, staying mostly in direct past tense. We cannot use first-person speech. We must avoid contractions, and so on. While some of these directives can be ignored in the writing of textbooks and manuals, such as using contractions and even using the first person, a computer forensic professional must adhere to the basics of good grammar. The author and line editors of this book did not match pronouns to antecedents, and they did not use possessive nouns in front of gerunds. They used semicolons where colons would have gone. And I cannot even go into the misuse of comma placement. For one example of the grammar usage in this book, I have written verbatim a sentence on page 37 of the text:
"The two primary concerns during an incident with respect to logs are, where they are located and what's in them--both of which can have a significant impact on the outcome of your incident response activities."
The comma after "are" makes no sense unless the editor inserted a comma after "incident." The m-dash is oddly used, almost as if the first comma put the author and editors at odds at what punctuation to use for the afterthought to the sentence. The usage of the pronoun "your" is overtly colloquial for a textbook. I could even let the usage of "your" go, as this author enjoys the colloquial speech, but the punctuation errors throughout the book reduce the tone's effectiveness. Just because someone is using a friendly tone does not mean that awkward punctuation is any easier to take. This sentence is one of many, many sentences in the book that is clumsily written.
I think the author is a brilliant person, and I certainly will be using his techniques. I just wish that he and the other computer professionals in the field of manual writing would dare the expense of hiring professional textbook editors.
This being said, I would recommend this book for personal information. I would not recommend the book as it is written now for class usage and hope future editions are edited more stringently.