Windows Forensics and Incident Recovery

If you're responsible for protecting Windows systems, firewalls and anti-virus aren't enough anymore. You also need to master incident response, recovery, and auditing. Leading Windows security expert and instructor Harlan Carvey offers a start-to-finish guide to the subject: everything administrators must know to recognize and respond to virtually any attack.

Drawing on his widely acclaimed course, Carvey uses real-world examples to cover every significant incident response, recovery, and forensics technique. He delivers a complete toolset that combines today's best open source and freeware tools, his own exclusive software and scripts, and step-by-step instructions for using them. This book's tools and techniques apply to every current and professional version of Windows: NT, 2000, XP, and Windows 2003 Server. Coverage includes:

• Developing a practical methodology for responding to potential attacks
• Preparing your systems to prevent and detect incidents
• Recognizing the signatures of an attack-in time to act
• Uncovering attacks that evade detection by Event Viewer, Task Manager, and other Windows GUI tools
• Using the Forensic Server Project to automate data collection during live investigations
• Analyzing live forensics data in order to determine what occurred

CD-ROM INCLUDED

CD-ROM contains code for incident response and forensics toolkit developed by the author, sample network packet captures, as well as data collected from compromised systems using the Forensic Server Project. You can also access Carvey's website at www.windows-ir.com for code samples, updates, and errata.