Windows Forensics and Incident Recovery

About this site
This web site supports my book, Windows Forensics and Incident Recovery. Over time, additional content will be added to this site, such as code from the book, information about the book, and errata (but hopefully not too much).

About the course
The Windows Incident Response Course is based on the book, using the material in the book as a beginning. The course expands on material presented in the book, giving attendees the opportunity to work with the tools and techniques presented in the book.

About the book
This is the first book to address the topic of incident response/recovery and forensics solely for Windows systems. The book addresses issues such as preparing for incidents, and what to do when incidents occur, all the way up to making a bit-level image of the hard drive.

Windows Forensics and Incident Recovery is currently available in bookstores, as well as through Amazon, BookPool, and other online retailers. Click here to see the cover of the book.

Reviews
Click here for a review at Help Net Security.

Read the review on Slashdot, or on Information Security News. Here's a review published in SC Magazine.

Sample Chapter
Click here to download a PDF copy of the sample chapter, Chapter 8, Using the Forensic Server Project

  • This is the first book to focus on incident recovery and forensics specifically for Windows NT/2K/XP/2K3 systems.
  • The book contains case studies and examples, as well as unique content developed by the author.
  • The book includes an accompanying CD that contains the code used in the book, developed by the author, as well as network traffic captures for the reader to review and decipher.

    Table of Contents
  • Chapter 1 - Introduction
  • Chapter 2 - How Incidents Occur
  • Chapter 3 - Data Hiding
  • Chapter 4 - Incident Preparation
  • Chapter 5 - Incident Response Tools
  • Chapter 6 - Developing a Methodology
  • Chapter 7 - Knowing What To Look For
  • Chapter 8 - Using the Forensic Server Project
  • Chapter 9 - Scanners and Sniffers
  • Appendix A - Installing Perl on Windows
  • Appendix B - Web Sites
  • Appendix C - Answers to Chapter 9 Questions

    © 2004 H. Carvey