Table of Contents

Cover image

Title page

Copyright

Dedication

Preface

Intended Audience

Organization of This Book

DVD Contents

Acknowledgments

About the Author

About the Technical Editor

Chapter 1. Analysis Concepts

Introduction

Analysis concepts

Setting up an analysis system

Summary

Chapter 2. Incident Preparation

Introduction

Being prepared to respond

Data collection

Business models

Summary

Chapter 3. Volume Shadow Copies

Introduction

What are “volume shadow copies”?

Live systems

Acquired images

Windows 8

Summary

Reference

Chapter 4. File Analysis

Information in This Chapter

Introduction

MFT

Event logs

Recycle bin

Prefetch files

Scheduled tasks

Jump lists

Hibernation files

Application files

Summary

References

Chapter 5. Registry Analysis

Introduction

Registry analysis

Summary

References

Chapter 6. Malware Detection

Information in This Chapter

Introduction

Malware Characteristics

Detecting Malware

Summary

References

Chapter 7. Timeline Analysis

Introduction

Timelines

Creating Timelines

Case Study

Summary

Chapter 8. Correlating Artifacts

Introduction

How-Tos

Summary

Chapter 9. Reporting

Introduction

Goals

Case Notes

Reporting

Summary

Index