
Windows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 7 [Kindle Edition]

Harlan Carvey
1.0 out of 5 stars (1 customer review)

Kindle price: EUR 36.73, incl. VAT and free wireless delivery via Amazon Whispernet

Other editions

Edition: Amazon price
Kindle Edition: EUR 36.73
Paperback: EUR 54.52

"Harlan has done it again! Continuing in the tradition of excellence established by the previous editions, Windows Forensics Analysis Toolkit 3e is an indispensable resource for any forensic examiner. Whether you're a seasoned veteran or just starting out, this work is required reading. WFA3e will maintain a perennial spot on my core reference bookshelf!"--Cory Altheide, Google

"Windows Forensic Analysis Toolkit 3rd Edition provides a wealth of important information for new and old practitioners alike. Not only does it provide a great overview of artifacts of interest on Windows 7 systems, but it also presents plenty of technology independent concepts that play an important role in any investigation. Feel free to place a copy on your shelf next to WFA 2ed and WRF."

"The third edition of this reference for system administrators, digital forensic analysts, students, and law enforcement does not replace the second edition, but rather serves as a companion. Coverage encompasses areas such as immediate response, volume shadow copies, file and registry analysis, malware detection, and application analysis. Learning features include b&w screenshots, tip and warning boxes, code (also available on a website), case studies, and 'war stories' from the field. The tools described throughout the book are written in the Perl scripting language, but readers don't need to be experts in Perl, and most of the scripts are accompanied by Windows executables found online. For this third edition, a companion website provides printable checklists, cheat sheets, custom tools, and demos."--Reference and Research Book News, Inc.

"There is a good reason behind the success of the previous editions of this book, and it has to do with two things: new Windows versions are different enough from previous ones to warrant a new edition and, most importantly, the author is simply that good at explaining things. This edition is no different."--HelpNetSecurity


Windows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 7 provides an overview of live and postmortem response collection and analysis methodologies for Windows 7. It considers the core investigative and analysis concepts that are critical to the work of professionals within the digital forensic analysis community, as well as the need for immediate response once an incident has been identified.
Organized into eight chapters, the book discusses Volume Shadow Copies (VSCs) in the context of digital forensics and explains how analysts can access the wealth of information available in VSCs without interacting with the live system or purchasing expensive solutions. It also describes files and data structures that are new to Windows 7 (or Vista), Windows Registry Forensics, how the presence of malware within an image acquired from a Windows system can be detected, the idea of timeline analysis as applied to digital forensic analysis, and concepts and techniques that are often associated with dynamic malware analysis. Also included are several tools written in the Perl scripting language, accompanied by Windows executables.
This book will prove useful to digital forensic analysts, incident responders, law enforcement officers, students, researchers, system administrators, hobbyists, or anyone with an interest in digital forensic analysis of Windows 7 systems.

  • Timely 3e of a Syngress digital forensic bestseller
  • Updated to cover Windows 7 systems, the newest Windows version
  • New online companion website houses checklists, cheat sheets, free tools, and demos


  • Format: Kindle Edition
  • File size: 2449 KB
  • Print length: 296 pages
  • Publisher: Syngress; Edition: 3 (27 January 2012)
  • Sold by: Amazon Media EU S.à r.l.
  • Language: English
  • ASIN: B00746IPC8
  • Text-to-Speech: Enabled
  • Amazon Bestseller Rank: #333,018 Paid in Kindle Store

Most helpful customer reviews
1 of 1 customers found the following review helpful
1.0 out of 5 stars Carvey apparently doesn't know that IT products age. 18 November 2012
Format: Paperback | Verified Purchase
Actually, I wanted the latest forensic methods for and about the current Windows versions.
What the product description unfortunately failed to mention, however, was that this book does not replace the 2nd edition, as is usual, but only adds Windows 7-relevant areas.
That is, the methods and procedures that were covered in the 2nd edition and would still be usable (482 pages!) are not covered again here.
He therefore suggests that we also own the 2nd edition, which is after all a good 3 years old.
Hopefully its preface does not say that one absolutely needs the 1st edition, which covers Windows NT, as well.
But if one buys the 2nd edition, one can safely assume that much of it is outdated, especially since it deals specifically with WinXP, which is really already dead.
So why should I practise forensics on a dead operating system rather than do all the techniques with Win7 right away?

My conclusion: the book is a half-measure that needlessly lacks many important and updated techniques from the 2nd edition.

Thank God I can still send it back. There are surely other good alternatives to it.
Carvey seems to have missed the forest for the trees.
Sorry, I just realized that all of the reviews are in English so I'd like to address a few words to the English audience:
If someone had started 3 or more years ago with this topic then this book will be very valuable as a continuous work.
For people who start now dealing with forensics, it's not a good idea for them to have to buy additionally the "old-fashioned" second edition dealing with XP, a dead OS. The 3E is in this case somehow incomplete. I'm sure the 2E could be brought up to date using the newest versions of Windows.
Most helpful customer reviews on (beta): 4.7 out of 5 stars, 10 reviews
3 of 3 customers found the following review helpful
5.0 out of 5 stars The third essential volume in Harlan Carvey's Windows forensic "trilogy" 6 March 2012
By Jennifer Kolde - Published on
If you've worked with Windows for any length of time, you know that each subsequent version of Microsoft's operating system tends to be almost the same...and yet entirely different. Windows 7 is no exception, giving us many familiar logs, structures, and artifacts that we know from Windows XP or 2003...only revised and expanded, or in different locations, or in different formats, or all of the above. Not to mention the brand new stuff.

Harlan has once again found the sweet spot - instead of fully revising the Second Edition of his book (which would be premature, as most environments still have extensive XP / 2003 infrastructure in place, and likely will for some time), he provides a companion book that builds on his previous volumes and outlines the new technologies and key differences between Windows 7 and earlier versions of the OS.

Now that many corporations are finally rolling out Windows 7 in force, forensic examiners are also making the transition to analyzing "new" Windows systems. This book provides the essential reference for Windows 7 analysis. While many of the technologies and techniques in Harlan's book have been discussed on blogs, mailing lists, and at conferences, he has been kind enough to collect the information in one place. In addition, he has been thorough enough to verify and expand upon the information through his own research and analysis, providing real world examples, tips, and cautions along the way.

Finally, as always Harlan writes with a keen awareness - both first-hand and through his extensive industry contacts - of what is current "in the field". This encompasses not only the specific questions and challenges faced by real analysts in real cases, but the tools and techniques in use or under development to address those issues. Harlan's information is both timely and relevant...and all the better for those of us on a budget that many of those tools and techniques he discusses are free and / or open source.

Harlan Carvey's "Windows Forensic Analysis Toolkit - Third Edition" is a welcome companion to both his Second Edition and Windows Registry Analysis. The three form a set that no Windows incident responder or forensic analyst should be without.
3 of 3 customers found the following review helpful
4.0 out of 5 stars Cyber Forensic 18 February 2013
By Katie - Published on
Format: Paperback | Verified Purchase
I needed this book for my forensic class and I was able to find it for a great price. The book is a bit boring the author keeps going off on tangents about his life, instead of teaching
2 of 2 customers found the following review helpful
5.0 out of 5 stars A perfect companion 26 February 2012
By Jimmy Weg - Published on
I found that Harlan's latest book is a great adjunct to my collection of his works. While it presents many of the essential operating system updates that we've discussed on forums, it also reviews enough previously published material to give the reader a foundation upon which to grasp important topics that haven't been issues in earlier systems. I like the way that Harlan laid out the chapters; he presents the material succinctly, yet with sufficient detail to provide a worthwhile learning experience. From my perspective, I particularly appreciate the Malware Detection chapter, as it presents a very nice summary of problems that many law enforcement examiners face, and Harlan provides not only direction, but tells us why certain procedures and artifacts are important.
1 of 1 customers found the following review helpful
5.0 out of 5 stars Easy to read and follow 15 May 2014
By Brandon Meyer - Published on
Format: Paperback | Verified Purchase
This book is a great extension to the second edition. NOTE: THIS BOOK CONTINUES ON FROM THE SECOND EDITION. This is not a complete rewrite or modifications, this is a continuation which means it references things that Harlan mentions in the Second Edition.
With that out of the way this book is great. I read along and I don't get bored, normally I would be bored with books like this but the writing is great so I can follow along easily. The tips and tidbits are great that go with. I highly recommend this book.
1 of 1 customers found the following review helpful
4.0 out of 5 stars Good Read 18 March 2014
By W. Reis - Published on
Format: Paperback | Verified Purchase
If you are interested in this subject this is a good primer for the basics and how to documentation. Nice layout do not have to read from cover to cover