1. Analysis Concepts
2. Incident Preparation
3. Volume Shadow Copies
4. File Analysis
5. Registry Analysis
6. Malware Detection
7. Timeline Analysis
8. Application Analysis
Harlan Carvey (CISSP) is a Vice President of Advanced Security Projects with Terremark Worldwide, Inc. Terremark is a leading global provider of IT infrastructure and "cloud computing" services, based in Miami, FL. Harlan is a key contributor to the Engagement Services practice, providing disk forensics analysis, consulting, and training services to both internal and external customers. Harlan has provided forensic analysis services for the hospitality industry, financial institutions, as well as federal government and law enforcement agencies. Harlan's primary areas of interest include research and development of novel analysis solutions, with a focus on Windows platforms. Harlan holds a bachelor's degree in electrical engineering from the Virginia Military Institute and a master's degree in the same discipline from the Naval Postgraduate School. Harlan resides in Northern Virginia with his family.
"Harlan has done it again! Continuing in the tradition of
excellence established by the previous editions, Windows Forensics
Analysis Toolkit 3e is an indispensable resource for any forensic
examiner. Whether you're a seasoned veteran or just starting out,
this work is required reading. WFA3e will maintain a perennial spot
on my core reference bookshelf!" --Cory Altheide, Google
"Windows Forensic Analysis Toolkit 3rd Edition provides a wealth of
important information for new and old practitioners alike. Not only
does it provide a great overview of artifacts of interest on
Windows 7 systems, but it also presents plenty of technology
independent concepts that play an important role in any
investigation. Feel free to place a copy on your shelf next to WFA
2ed and WRF." --Digital4rensics.com
"The third edition of this reference for system administrators,
digital forensic analysts, students, and law enforcement does not
replace the second edition, but rather serves as a companion.
Coverage encompasses areas such as immediate response, volume
shadow copies, file and registry analysis, malware detection, and
application analysis. Learning features include b&w
screenshots, tip and warning boxes, code (also available on a
website), case studies, and 'war stories' from the field. The tools
described throughout the book are written in the Perl scripting
language, but readers don't need to be experts in Perl, and most of
the scripts are accompanied by Windows executables found online.
For this third edition, a companion website provides printable
checklists, cheat sheets, custom tools, and demos." --Reference and
Research Book News, Inc.
"There is a good reason behind the success of the previous editions
of this book, and it has to do with two things: new Windows
versions are different enough from previous ones to warrant a new
edition and, most importantly, the author is simply that good at
explaining things. This edition is no different." --HelpNetSecurity