Windows Forensics and Incident Recovery

Authors: Harlan Carvey

Pages: 460

Publisher: Addison Wesley

ISBN13: 9780321200983

The first book to focus on forensics and incident recovery in a Windows environment

Teaches through case studies and real-world examples

Companion CD contains unique tools developed by the authors

Covers Windows Server 2003, Windows 2000, Windows NT, and Windows XP

If you're responsible for protecting Windows systems, firewalls and anti-virus aren't enough. You also need to master incident response, recovery, and auditing. Leading Windows security expert and instructor Harlan Carvey offers a start-to-finish guide to the subject: everything administrators must know to recognize and respond to virtually any attack.

Drawing on his widely acclaimed course, Carvey uses real-world examples to cover every significant incident response, recovery, and forensics technique. He delivers a complete incident response toolset that combines today's best open source and freeware tools, his own exclusive software and scripts, and step-by-step instructions for using them. This book's tools and techniques apply to every current and professional version of Windows: NT, 2000, XP, and Windows Server 2003. Coverage includes:

Developing a practical methodology for responding to potential attacks

Preparing your systems to prevent and detect incidents

Recognizing the signatures of an attack—in time to act

Uncovering attacks that evade detection by Event Viewer, Task Manager, and other Windows GUI tools

Using the Forensic Server Project to automate data collection during live investigations

Analyzing live forensics data in order to determine what occurred