Executing Windows Command Line Investigations

While Ensuring Evidentiary Integrity
 
 
Syngress (Verlag)
  • 1. Auflage
  • |
  • erschienen am 11. Juni 2016
  • |
  • 228 Seiten
 
E-Book | ePUB mit Adobe DRM | Systemvoraussetzungen
E-Book | PDF mit Adobe DRM | Systemvoraussetzungen
978-0-12-809271-2 (ISBN)
 

The book Executing Windows Command Line Investigations targets the needs of cyber security practitioners who focus on digital forensics and incident response. These are the individuals who are ultimately responsible for executing critical tasks such as incident response; forensic analysis and triage; damage assessments; espionage or other criminal investigations; malware analysis; and responding to human resource violations.

The authors lead readers through the importance of Windows CLI, as well as optimal configuration and usage. Readers will then learn the importance of maintaining evidentiary integrity, evidence volatility, and gain appropriate insight into methodologies that limit the potential of inadvertently destroying or otherwise altering evidence. Next, readers will be given an overview on how to use the proprietary software that accompanies the book as a download from the companion website. This software, called Proactive Incident Response Command Shell (PIRCS), developed by Harris Corporation provides an interface similar to that of a Windows CLI that automates evidentiary chain of custody and reduces human error and documentation gaps during incident response.


  • Includes a free download of the Proactive Incident Response Command Shell (PIRCS) software
  • Learn about the technical details of Windows CLI so you can directly manage every aspect of incident response evidence acquisition and triage, while maintaining evidentiary integrity


Chet Hosmer is the Founder of Python Forensics, Inc. a non-profit organization focused on the collaborative development of open-source investigative technologies using the Python programming language. Chet serves as a visiting professor at Utica College in the Cybersecurity Graduate program where his research and teaching focus on advanced steganography/data hiding methods and related defenses. He is also an Adjunct Faculty member at Champlain College in the Masters of Science in Digital Forensic Science Program where he is researching and working with graduate students to advance the application Python to solve hard problems facing digital investigators.
Chet makes numerous appearances each year to discuss emerging cyber threats including National Public Radio's Kojo Nnamdi show, ABC's Primetime Thursday, NHK Japan and ABC News Australia. He is also a frequent contributor to technical and news stories relating to cyber security and forensics and has been interviewed and quoted by IEEE, The New York Times, The Washington Post, Government Computer News, Salon.com, DFI News and Wired Magazine.
He is the author of three recent Elsevier/Syngress Books: Python Passive Network Mapping: ISBN-13: 978-0128027219, Python Forensics: ISBN-13: 978-0124186767 and Data Hiding which is co/authored with Mike Raggo: ISBN-13: 978-1597497435. Chet delivers keynote and plenary talks on various cyber security related topics around the world each year.
  • Englisch
  • Rockland, MA
  • |
  • USA
Elsevier Science
  • 20,34 MB
978-0-12-809271-2 (9780128092712)
0128092718 (0128092718)
weitere Ausgaben werden ermittelt
  • Front Cover
  • Executing Windows Command Line Investigations: While Ensuring Evidentiary Integrity
  • Copyright
  • Dedication
  • Contents
  • Biography
  • Foreword
  • Preface
  • Acknowledgments
  • Harris Corporation
  • Chapter 1: The impact of Windows Command Line investigations
  • Introduction
  • Cybercrime Methods and Vulnerabilities
  • Novel Vulnerabilities
  • Cyber Criminals Use the Windows Command Line
  • Turning the Tables
  • Organization of the Book
  • Chapter 1 Review
  • Chapter 1 Summary Questions
  • Additional Resources
  • Chapter 2: Importance of digital evidence integrity
  • Introduction
  • The Importance of Digital Evidence Integrity
  • Digital Integrity Mechanisms
  • One-way cryptographic hashing
  • Hashing static evidence
  • Hashing volatile or live evidence
  • Searching for specific evidence
  • Hash types and origins
  • Digital signatures
  • Signature types and origins
  • Trusted time stamping
  • Summary
  • Chapter 2 Review
  • Chapter 2 Summary Questions
  • Additional Resources
  • Chapter 3: Windows Command Line Interface
  • Introduction
  • What is the Windows Command Line Interface?
  • Breaking Down Windows Commands by Investigation Processes
  • Windows CLI-starting a live investigation
  • Windows CLI-collecting vital system information
  • Capture important system information
  • Basic disk information
  • Basic network information
  • Windows CLI-collecting volatile evidence
  • Windows CLI-running processes and services
  • Windows CLI-active network activities
  • Windows CLI-event logs evidence capture
  • Windows CLI-collecting static evidence and quick searching
  • Alternate data streams
  • Windows CLI-ending a live investigation
  • Chapter 3 Review
  • Chapter 3 Summary Questions
  • Additional Resources
  • Chapter 4: Operating the Proactive Incident Response Command Shell
  • Introduction
  • PIRCS Operational Considerations
  • Preparing PIRCS for Portable Media
  • Step one: wipe the device
  • Step two: format the device
  • Step three: install PIRCS
  • PIRCS Basics
  • PIRCS Advanced Capabilities
  • Chapter 4 Review
  • Chapter 4 Summary Questions
  • Additional Resources
  • Software Download Instructions
  • Chapter 5: Use cases
  • Introduction
  • General Evidence Collection Guidelines
  • Locard's Principle
  • Order of Volatility
  • Tool Selection and Usage
  • Fundamental Digital Evidence Categories
  • Full Memory Capture
  • Capturing full RAM contents with Mandiant Memoryze
  • Initial Host Detail
  • Host name
  • Windows OS version
  • System time
  • Current network configuration
  • Currently logged on user
  • Initial host detail collection recommendation
  • Network Connections
  • Active connections
  • Network connection collection recommendation
  • Active Process, Services, and Scheduled Tasks Details
  • Windows Prefetch Files
  • Web Browser History
  • Windows Registry Data Collection
  • Windows Event Logs
  • File Listings
  • Use Case Examples
  • Spear Phishing Attack Scenario
  • Human resources violation scenario
  • Insider Data Exfiltration Scenario
  • Summary
  • Chapter 5 Review
  • Chapter 5 Summary Questions
  • Additional Resources
  • Chapter 6: Future considerations
  • Introduction
  • Windows 10.x
  • Windows Embedded
  • Advanced Automotive Technology
  • Raspberry Pi
  • Wearable Technology
  • New Command Line Applications
  • In Closing
  • Additional Resources
  • Appendix A: Third-party Windows CLI tools
  • Introduction
  • Appendix B: Windows CLI reference synopsis
  • Introduction
  • Microsoft TechNet
  • Popular Commands for an Examination
  • Additional Resources
  • Index
  • Back Cover

Dateiformat: EPUB
Kopierschutz: Adobe-DRM (Digital Rights Management)

Systemvoraussetzungen:

Computer (Windows; MacOS X; Linux): Installieren Sie bereits vor dem Download die kostenlose Software Adobe Digital Editions (siehe E-Book Hilfe).

Tablet/Smartphone (Android; iOS): Installieren Sie bereits vor dem Download die kostenlose App Adobe Digital Editions (siehe E-Book Hilfe).

E-Book-Reader: Bookeen, Kobo, Pocketbook, Sony, Tolino u.v.a.m. (nicht Kindle)

Das Dateiformat EPUB ist sehr gut für Romane und Sachbücher geeignet - also für "fließenden" Text ohne komplexes Layout. Bei E-Readern oder Smartphones passt sich der Zeilen- und Seitenumbruch automatisch den kleinen Displays an. Mit Adobe-DRM wird hier ein "harter" Kopierschutz verwendet. Wenn die notwendigen Voraussetzungen nicht vorliegen, können Sie das E-Book leider nicht öffnen. Daher müssen Sie bereits vor dem Download Ihre Lese-Hardware vorbereiten.

Weitere Informationen finden Sie in unserer E-Book Hilfe.


Dateiformat: PDF
Kopierschutz: Adobe-DRM (Digital Rights Management)

Systemvoraussetzungen:

Computer (Windows; MacOS X; Linux): Installieren Sie bereits vor dem Download die kostenlose Software Adobe Digital Editions (siehe E-Book Hilfe).

Tablet/Smartphone (Android; iOS): Installieren Sie bereits vor dem Download die kostenlose App Adobe Digital Editions (siehe E-Book Hilfe).

E-Book-Reader: Bookeen, Kobo, Pocketbook, Sony, Tolino u.v.a.m. (nicht Kindle)

Das Dateiformat PDF zeigt auf jeder Hardware eine Buchseite stets identisch an. Daher ist eine PDF auch für ein komplexes Layout geeignet, wie es bei Lehr- und Fachbüchern verwendet wird (Bilder, Tabellen, Spalten, Fußnoten). Bei kleinen Displays von E-Readern oder Smartphones sind PDF leider eher nervig, weil zu viel Scrollen notwendig ist. Mit Adobe-DRM wird hier ein "harter" Kopierschutz verwendet. Wenn die notwendigen Voraussetzungen nicht vorliegen, können Sie das E-Book leider nicht öffnen. Daher müssen Sie bereits vor dem Download Ihre Lese-Hardware vorbereiten.

Weitere Informationen finden Sie in unserer E-Book Hilfe.


Download (sofort verfügbar)

60,63 €
inkl. 19% MwSt.
Download / Einzel-Lizenz
ePUB mit Adobe DRM
siehe Systemvoraussetzungen
PDF mit Adobe DRM
siehe Systemvoraussetzungen
Hinweis: Die Auswahl des von Ihnen gewünschten Dateiformats und des Kopierschutzes erfolgt erst im System des E-Book Anbieters
E-Book bestellen

Unsere Web-Seiten verwenden Cookies. Mit der Nutzung dieser Web-Seiten erklären Sie sich damit einverstanden. Mehr Informationen finden Sie in unserem Datenschutzhinweis. Ok