Cover
Contents
Introduction
Part 1: Understanding and Exploiting Windows Networks
  • Chapter 1: Network Investigation Overview
    • Performing the Initial Vetting
    • Meeting with the Victim Organization
      • Understanding the Victim Network Information
      • Understanding the Incident
      • Identifying and Preserving Evidence
      • Establishing Expectations and Responsibilities
    • Collecting the Evidence
    • Analyzing the Evidence
    • Analyzing the Suspect’s Computers
    • Recognizing the Investigative Challenges of Microsoft Networks
    • The Bottom Line
  • Chapter 2: The Microsoft Network Structure
    • Connecting Computers
    • Windows Domains
      • Interconnecting Domains
      • Organizational Units
    • Users and Groups
      • Types of Accounts
      • Groups
    • Permissions
      • File Permissions
      • Share Permissions
      • Reconciling Share and File Permissions
    • Example Hack
    • The Bottom Line
  • Chapter 3: Beyond the Windows GUI
    • Understanding Programs, Processes, and Threads
    • Redirecting Process Flow
      • DLL Injection
      • Hooking
    • Maintaining Order Using Privilege Modes
    • Using Rootkits
    • The Bottom Line
  • Chapter 4: Windows Password Issues
    • Understanding Windows Password Storage
    • Cracking Windows Passwords Stored on Running Systems
    • Exploring Windows Authentication Mechanisms
      • LanMan Authentication
      • NTLM Authentication
      • Kerberos Authentication
    • Sniffing and Cracking Windows Authentication Exchanges
      • Using ScoopLM and BeatLM to Crack Passwords
    • Cracking Offline Passwords
      • Using Cain & Abel to Extract Windows Password Hashes
      • Accessing Passwords through the Windows Password Verifier
      • Extracting Password Hashes from RAM
      • Stealing Credentials from a Running System
    • The Bottom Line
  • Chapter 5: Windows Ports and Services
    • Understanding Ports
    • Using Ports as Evidence
    • Understanding Windows Services
    • The Bottom Line
Part 2: Analyzing the Computer
  • Chapter 6: Live-Analysis Techniques
    • Finding Evidence in Memory
    • Creating a Windows Live-Analysis Toolkit
      • Using DumpIt to Acquire RAM from a 64-Bit Windows 7 System
      • Using WinEn to Acquire RAM from a Windows 7 Environment
      • Using FTK Imager Lite to Acquire RAM from Windows Server 2008
      • Using Volatility 2.0 to Analyze a Windows 7 32-Bit RAM Image
    • Monitoring Communication with the Victim Box
    • Scanning the Victim System
    • The Bottom Line
  • Chapter 7: Windows Filesystems
    • Filesystems vs. Operating Systems
    • Understanding FAT Filesystems
    • Understanding NTFS Filesystems
      • Using NTFS Data Structures
      • Creating, Deleting, and Recovering Data in NTFS
    • Dealing with Alternate Data Streams
    • The exFAT Filesystem
    • The Bottom Line
  • Chapter 8: The Registry Structure
    • Understanding Registry Concepts
      • Registry History
      • Registry Organization and Terminology
    • Performing Registry Research
    • Viewing the Registry with Forensic Tools
    • Using EnCase to View the Registry
      • Examining Information Manually
      • Using EnScripts to Extract Information
    • Using AccessData’s Registry Viewer
    • Other Tools
    • The Bottom Line
  • Chapter 9: Registry Evidence
    • Finding Information in the Software Key
      • Installed Software
      • Last Logon
      • Banners
    • Exploring Windows Security, Action Center, and Firewall Settings
    • Analyzing Restore Point Registry Settings
    • Windows XP Restore Point Content
    • Analyzing Volume Shadow Copies for Registry Settings
    • Exploring Security Identifiers
      • Examining the Recycle Bin
      • Examining the ProfileList Registry Key
    • Investigating User Activity
      • Examining the PSSP and IntelliForms Keys
      • Examining the MRU Key
      • Examining the RecentDocs Key
      • Examining the TypedURLs Key
      • Examining the UserAssist Key
    • Extracting LSA Secrets
      • Using Cain & Abel to Extract LSA Secrets from Your Local Machine
    • Discovering IP Addresses
      • Dynamic IP Addresses
      • Getting More Information from the GUID-Named Interface
    • Compensating for Time Zone Offsets
    • Determining the Startup Locations
      • Exploring the User Profile Areas
      • Exploring Batch Files
      • Exploring Scheduled Tasks
      • Exploring the AppInit_DLL Key
      • Using EnCase and Registry Viewer
      • Using Autoruns to Determine Startups
    • The Bottom Line
  • Chapter 10: Introduction to Malware
    • Understanding the Purpose of Malware Analysis
    • Malware Analysis Tools and Techniques
      • Constructing an Effective Malware Analysis Toolkit
      • Analyzing Malicious Code
      • Monitoring Malicious Code
      • Monitoring Malware Network Traffic
    • The Bottom Line
Part 3: Analyzing the Logs
  • Chapter 11: Text-Based Logs
    • Parsing IIS Logs
    • Parsing FTP Logs
    • Parsing DHCP Server Logs
    • Parsing Windows Firewall Logs
    • Using Splunk
    • The Bottom Line
  • Chapter 12: Windows Event Logs
    • Understanding the Event Logs
      • Exploring Auditing Settings
    • Using Event Viewer
      • Opening and Saving Event Logs
      • Viewing Event Log Data
    • Searching with Event Viewer
    • The Bottom Line
  • Chapter 13: Logon and Account Logon Events
    • Begin at the Beginning
      • Comparing Logon and Account Logon Events
      • Analyzing Windows 2003/2008 Logon Events
      • Examining Windows 2003/2008 Account Logon Events
    • The Bottom Line
  • Chapter 14: Other Audit Events
    • The Exploitation of a Network
    • Examining System Log Entries
    • Examining Application Log Entries
    • Evaluating Account Management Events
    • Interpreting File and Other Object Access Events
    • Examining Audit Policy Change Events
    • The Bottom Line
  • Chapter 15: Forensic Analysis of Event Logs
    • Windows Event Log Files Internals
      • Windows Vista/7/2008 Event Logs
      • Windows XP/2003 Event Logs
    • Repairing Windows XP/2003 Corrupted Event Log Databases
    • Finding and Recovering Event Logs from Free Space
    • The Bottom Line
Part 4: Results, the Cloud, and Virtualization
  • Chapter 16: Presenting the Results
    • Report Basics
    • Creating a Narrative Report with Hyperlinks
      • Creating Hyperlinks
      • Creating and Linking Bookmarks
    • The Electronic Report Files
    • Creating Timelines
      • CaseMap and TimeMap
      • Splunk
    • Testifying about Technical Matters
    • The Bottom Line
  • Chapter 17: The Challenges of Cloud Computing and Virtualization
    • What Is Virtualization?
    • The Hypervisor
    • Preparing for Incident Response in Virtual Space
    • Forensic Analysis Techniques
      • Dead Host-Based Virtual Environment
      • Live Virtual Environment Artifacts
    • Cloud Computing
      • What Is It?
      • Services
      • Forensic Challenges
      • Forensic Techniques
    • The Bottom Line
Part 5: Appendices
  • Appendix A: The Bottom Line
    • Chapter 1: Network Investigation Overview
    • Chapter 2: The Microsoft Network Structure
    • Chapter 3: Beyond the Windows GUI
    • Chapter 4: Windows Password Issues
    • Chapter 5: Windows Ports and Services
    • Chapter 6: Live-Analysis Techniques
    • Chapter 7: Windows Filesystems
    • Chapter 8: The Registry Structure
    • Chapter 9: Registry Evidence
    • Chapter 10: Introduction to Malware
    • Chapter 11: Text-Based Logs
    • Chapter 12: Windows Event Logs
    • Chapter 13: Logon and Account Logon Events
    • Chapter 14: Other Audit Events
    • Chapter 15: Forensic Analysis of Event Logs
    • Chapter 16: Presenting the Results
    • Chapter 17: The Challenges of Cloud Computing and Virtualization
  • Appendix B: Test Environments
    • Software
    • Hardware
    • Setting Up Test Environments in Training Laboratories
      • Chapter 1: Network Investigation Overview
      • Chapter 2: The Microsoft Network Structure
      • Chapter 3: Beyond the Windows GUI
      • Chapter 4: Windows Password Issues
      • Chapter 5: Windows Ports and Services
      • Chapter 6: Live-Analysis Techniques
      • Chapter 7: Windows Filesystems
      • Chapter 8: The Registry Structure
      • Chapter 9: Registry Evidence
      • Chapter 10: Introduction to Malware
      • Chapter 11: Text-Based Logs
      • Chapter 12: Windows Event Logs
      • Chapter 13: Logon and Account Logon Events
      • Chapter 14: Other Audit Events
      • Chapter 15: Forensic Analysis of Event Logs
      • Chapter 16: Presenting the Results
      • Chapter 17: The Challenges of Cloud Computing and Virtualization
Index