BOOKS & MANUALS
Windows Forensics: The Field Guide for Conducting Corporate Computer Investigations
By Chad Steel
Windows Forensics: The Field Guide for Conducting Corporate Computer Investigations
Added to Cart
Windows Forensics: The Field Guide for Conducting Corporate Computer Investigations
Description
"Windows Forensics: The Field Guide for Conducting Corporate Computer Investigations" prepares you to combat computer crime in the Windows world by presenting you with tools to help recover sabotaged files, track down the source of threatening emails, investigate industrial espionage and expose computer criminals.
Highlights include:
- Identify evidence of fraud, electronic theft and employee internet abuse
- Investigate crime related to instant messaging, Lotus Notes and increasingly popular browsers
- Take advantage of sample forms and layouts as well as case studies
- Protect the integrity of evidence
- Compile a forensic response toolkit
- Assess and analyze damage from computer crime and process the crime scene
- Develop a structure for effectively conducting investigations
- Discover how to locate evidence in the Windows Registry
Product Details
| Label | Value |
|---|---|
| ISBN | 0-470-03862-4 |
| Publisher | John Wiley & Sons Publishing |
| Published | Copyright 2006 |
| Pages | 382 |
| Format | Paperback |
Table of Contents
| Chapter 1 | Windows Forensics |
|---|---|
| Chapter 2 | Processing the Digital Crime Scene |
| Chapter 3 | Windows Forensic Basics |
| Chapter 4 | Partitions and File Systems |
| Chapter 5 | Directory Structure and Special Files |
| Chapter 6 | The Registry |
| Chapter 7 | Forensic Analysis |
| Chapter 8 | Live System Analysis |
| Chapter 9 | Forensic Duplication |
| Chapter 10 | File System Analysis |
| Chapter 11 | Log File Analysis |
| Chapter 12 | Internet Usage Analysis |
| Chapter 13 | Email Investigations |
| Appendix A | Sample Chain of Custody Form |
| Appendix B | Master Boot Record Layout |
| Appendix C | Partition Types |
| Appendix D | FAT32 Boot Sector Layout |
| Appendix E | NTFS Boot Sector Layout |
| Appendix F | NTFS Metafiles |
| Appendix G | Well-Known SIDs |
Ordering and Returns
Satisfaction Guarantee
If you are not 100% satisfied with any ACFE product, you may return it to us, provided it is in excellent condition, for a full refund of the item minus the cost of shipping. Toolkits and bundles may only be returned as a complete set.
Ordering & Returns Policy