Steven Anson - Mastering Windows Network Forensics and Investigation

Year: 2012. Publisher: Sybex. Genre: Computer.

Mastering Windows Network Forensics and Investigation: summary, description and annotation

An authoritative guide to investigating high-technology crimes

Internet crime is seemingly ever on the rise, making the need for a comprehensive resource on how to investigate these crimes even more dire. This professional-level book--aimed at law enforcement personnel, prosecutors, and corporate investigators--provides you with the training you need in order to acquire the sophisticated skills and software solutions to stay one step ahead of computer criminals.

  • Specifies the techniques needed to investigate, analyze, and document a criminal act on a Windows computer or network
  • Places a special emphasis on how to thoroughly investigate criminal activity and not just perform the initial response
  • Walks you through ways to present technically complicated material in simple terms that will hold up in court
  • Features content fully updated for Windows Server 2008 R2 and Windows 7
  • Covers the emerging field of Windows Mobile forensics

Also included is a classroom support package to support academic adoption. Mastering Windows Network Forensics and Investigation, 2nd Edition, offers help for investigating high-technology crimes.

Part 5
Appendices
  • Appendix A: The Bottom Line
  • Appendix B: Test Environments
Appendix A
The Bottom Line

Each of The Bottom Line sections in the chapters suggests exercises to deepen skills and understanding. Sometimes there is only one possible solution, but often you are encouraged to use your skills and creativity to create something that builds on what you know and lets you explore one of many possibilities.

Chapter 1: Network Investigation Overview
Gather important information from the victim of a network incident. It is important to properly vet any report of an incident to ensure that the appropriate people and resources are utilized to address every report. As the number of reported incidents continues to rise, this requirement becomes more and more important to ensure the most efficient utilization of limited agency resources.
We outlined various questions and considerations that any investigator responding to an incident should keep in mind when first interviewing the members of the victim organization. The steps you take at this stage can set the tone for the rest of your investigation and are vital to a rapid and effective response.
Master It You are called regarding a possible computer intrusion into a defense contractor's network. After performing an initial interview with the reporting person by phone, you feel confident that an incident has occurred and that you should continue your investigation. What steps would you next take to gather additional information to launch an investigation?
Solution Arrange to meet with the reporting person again in person and without a large number of people present. Gather information about the network topology and what the reporting person observed that made her suspect that an intrusion has occurred. Arrange to meet with the other people within the organization to discuss the incident in detail. At that meeting, consider questions such as the following:
  • What makes you believe that you are the victim of a computer crime?
  • What systems are involved, what data do they store, and were they damaged?
  • When did the attack occur?
  • How was the attack discovered, and who knows about the discovery?
  • Did the attacker seem to have familiarity with the network or systems impacted?
Be sure to get a thorough understanding of the network environment, normal patterns of use, possible sources of evidence, and the responsibilities and contact information of the various members of the victim organization whose assistance you may need throughout your investigation.
Identify potential sources of evidence in a network investigation. Evidence within a digital crime scene can be located in many different places. It is important to consider how data flows through a network to determine which network devices may have recorded information that can be of evidentiary value. In addition to logs that may be kept on the victim computer, explore logs generated by firewalls, IDSs, routers, wireless devices, authentication servers, and proxy servers that may have recorded information about the attack.
Master It You are called to a company where they suspect that a disgruntled system administrator has accessed the company's database from outside the company and deleted multiple important records. The logs on the database server have been deleted, leaving no trace of the attack. What are some other possible sources of evidence for this incident?
Solution Since the attack is alleged to have occurred from outside the company, consider which perimeter devices may have recorded the attack. Devices such as firewalls, intrusion detection systems, and VPN concentrators will frequently generate logs relating to connection and access attempts. The company may use a central authentication server such as a Kerberos or RADIUS system to authenticate all network access. These devices are excellent sources of log data. A centralized logging server, such as a syslog server or SIEM, may be configured to store logs. Backup systems may exist that could contain logs that were later deleted by the attacker from their original location but that still exist as a backup file. Forensic recovery of the deleted log files from the victim server may also be possible. Finally, evidence may exist at the computer used to launch the attack. Don't forget to use standard investigative steps to determine the whereabouts of the suspect to try locating any computers that may have been used to launch the alleged attack.
Understand types of information to look for during analysis of collected evidence. After the evidence is properly secured, the analysis phase should be completed as quickly and accurately as possible to allow time to follow up on any other investigative leads that the analysis may suggest. The analysis should be thorough and may be time consuming, but as new investigative leads are discovered, you should take immediate action to preserve that evidence for later collection.
Once suspects are located, a thorough search for digital evidence should ensue to gather all possible evidence of their involvement in the incident. As analysis of collected evidence occurs, you may uncover evidence that proves the reported incident along with evidence of crimes that were not previously known. Thorough analysis and interviewing may lead to the discovery of multiple other victims and other crimes.
Evidence to search for will depend on the specific investigation, but common items of interest include the following:
  • Access around the time of the suspected incident
  • Access at unusual times or from unusual locations
  • Repeated failed access attempts
  • Evidence of scanning or probing that preceded the incident
  • Data transfers that occurred after the incident
  • Evidence of the victim's files, IP addresses, and the like on the suspect's computers
  • Detection of known malicious software or exploit methods
Master It While investigating an alleged attack against a local government finance server, you locate and seize a computer believed to have been used by the suspect. What are some types of evidence that you should look for on the suspect's computer?
Solution Look in the suspect's computer for signs of any tools that may have been used to perform recon of the victim network or to launch an attack against it. Check the web browser history for any evidence showing that the suspect was targeting the local government systems. Perform string searches for the victim computer's IP addresses, machine name, DNS name, or other identifying information that may link the suspect computer to the victim. Search for any files on the suspect system that may have come from the victim, including any deleted files. Search for usernames or passwords of users of the local government system that may have been stored by the attacker.
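As an added example (not code from the book), the following Python script applies the first four indicators listed above to a constructed CSV export of Windows Security log events from the victim server: successful logons around the incident time, logons at unusual hours, logons from addresses outside the organization's networks, and repeated failed logons against one account from one source. The incident time, the internal address range, the business-hours window, the CSV column names, and the sample rows are all assumptions made for the example; only the event IDs 4624 (successful logon) and 4625 (failed logon) are real Windows identifiers.

```python
import csv
import io
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample, not a real export: Security log events from a
# finance server around a suspected incident at 2012-03-14 02:10.
# 4624 = successful logon, 4625 = failed logon (real Windows event IDs);
# the column names assume a Get-WinEvent-style CSV export.
SAMPLE_CSV = """\
TimeCreated,EventID,TargetUserName,IpAddress,LogonType
2012-03-13 09:15:02,4624,jsmith,10.1.20.15,3
2012-03-13 17:42:10,4624,mlee,10.1.20.31,3
2012-03-14 01:58:11,4625,administrator,203.0.113.45,3
2012-03-14 01:58:40,4625,administrator,203.0.113.45,3
2012-03-14 01:59:05,4625,administrator,203.0.113.45,3
2012-03-14 01:59:30,4625,administrator,203.0.113.45,3
2012-03-14 02:03:12,4624,administrator,203.0.113.45,10
2012-03-14 02:40:55,4624,backupsvc,10.1.20.5,5
2012-03-14 10:05:00,4624,jsmith,10.1.20.15,3
"""
INCIDENT_TIME = datetime(2012, 3, 14, 2, 10)            # assumed incident time
KNOWN_NETWORKS = [ipaddress.ip_network("10.1.0.0/16")]  # assumed internal range
SUCCESS, FAILURE = "4624", "4625"


def parse_events(text):
    """Parse the CSV export into dicts, adding a datetime 'time' field."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        row["time"] = datetime.strptime(row["TimeCreated"], "%Y-%m-%d %H:%M:%S")
        events.append(row)
    return sorted(events, key=lambda e: e["time"])


def access_around_incident(events, incident_time, window=timedelta(hours=1)):
    """Successful logons within +/- window of the suspected incident."""
    lo, hi = incident_time - window, incident_time + window
    return [e for e in events if e["EventID"] == SUCCESS and lo <= e["time"] <= hi]


def access_at_unusual_times(events, start_hour=7, end_hour=19):
    """Successful logons outside business hours or on a weekend."""
    return [e for e in events if e["EventID"] == SUCCESS and
            (e["time"].weekday() >= 5 or not start_hour <= e["time"].hour < end_hour)]


def access_from_unusual_locations(events, known_networks):
    """Successful logons whose source address is outside the known networks."""
    hits = []
    for e in events:
        if e["EventID"] != SUCCESS:
            continue
        try:
            ip = ipaddress.ip_address(e["IpAddress"])
        except ValueError:      # '-' or blank: console/local logon, no source IP
            continue
        if not any(ip in net for net in known_networks):
            hits.append(e)
    return hits


def repeated_failures(events, threshold=3, window=timedelta(minutes=5)):
    """(account, source IP) -> most failed logons seen inside any one window."""
    by_key = defaultdict(list)
    for e in events:                        # events are already time-sorted
        if e["EventID"] == FAILURE:
            by_key[(e["TargetUserName"], e["IpAddress"])].append(e["time"])
    flagged = {}
    for key, times in by_key.items():
        start = 0
        for end, t in enumerate(times):     # sliding window over sorted times
            while t - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[key] = max(flagged.get(key, 0), end - start + 1)
    return flagged


def triage(text=SAMPLE_CSV, incident_time=INCIDENT_TIME, known_networks=KNOWN_NETWORKS):
    """Run every indicator and return the hits keyed by indicator name."""
    events = parse_events(text)
    return {
        "around_incident": access_around_incident(events, incident_time),
        "unusual_times": access_at_unusual_times(events),
        "unusual_locations": access_from_unusual_locations(events, known_networks),
        "repeated_failures": repeated_failures(events),
    }


if __name__ == "__main__":
    for name, hits in triage().items():
        print(name, hits if isinstance(hits, dict) else
              [(e["TimeCreated"], e["TargetUserName"], e["IpAddress"]) for e in hits])
```

On the sample data the four failed logons followed by a success for administrator from 203.0.113.45 trip the repeated-failure, unusual-location and incident-window checks at once, which is the pattern an investigator wants surfaced first. The backupsvc logon at 02:40 also lands in the unusual-hours list; a logon type of 5 (service) at night is routine on most servers, so the time-of-day indicator needs a baseline of normal patterns of use, gathered during the initial interviews, before a hit is treated as evidence.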
Chapter 2: The Microsoft Network Structure
Explain the difference between a domain and a workgroup as it relates to a network investigation. Domains are centrally managed collections of computers that rely on a network infrastructure that includes domain controllers. Computers participating in a domain surrender much of their autonomy in order to benefit from centralized administration. Domains enforce common policies and maintain a list of domain-wide accounts on the domain controllers.
Workgroups are simply independent computers that are grouped together for purposes of sharing information. Each machine is essentially an island unto itself, with its own accounts, policies, and permissions. The local Administrator account is the ultimate authority on a workgroup computer, and the SAM maintains the list of authorized users.