Mastering Windows Network Forensics and Investigation

This professional guide teaches law enforcement personnel, prosecutors, and corporate investigators how to investigate crimes involving Windows computers and Windows networks. A top team of forensic experts details how and why Windows networks are targeted, shows you how to analyze computers and computer logs, explains chain of custody, and covers such tricky topics as how to gather accurate testimony from employees in politically charged corporate settings.

From recognizing high-tech criminal activity to presenting evidence in a way that juries and judges understand, this book thoroughly covers the range of skills, standards, and step-by-step procedures you need to conduct a criminal investigation in a Windows environment and make your evidence stand up in court.

Coverage includes:

• Responding to a reported computer intrusion
• Understanding how attackers exploit Windows networks
• Deciphering Windows ports, services, file systems, and the registry
• Examining suspects' computers and entire networks
• Analyzing event logs and data using live analysis techniques
• Exploring new complexities from cloud computing and virtualization

Investigate Computer Crimes in Windows Environments

Fully Updated for Windows Server 2008 and Windows 7

Discover How to Locate and Analyze an Attacker's Tools

Learn Detailed Windows Event Log Analysis