
New Forensics Book

keydet89
(@keydet89)
Posts: 3568
Famed Member
Topic starter
 

All,

I've found a publisher who wants to publish my second book.

This book will cover a variety of topics specific to information collection and analysis under live response and post-mortem conditions, specifically for Windows systems. However, with the tools and techniques presented in this book, the analyst will not be restricted solely to Windows as the analysis platform (many of the tools I created for this book have been successfully tested on Windows, Linux, and Mac OS/X platforms).

This book will not cover topics that are not specific to Windows, such as imaging procedures, etc.

I've included a brief, conceptual outline below. My goal is to make this a valuable resource, full of explanations, examples, and exercises.

I'd like to get your input on this, as well. Your comments are appreciated.

Thanks,

Harlan
—————————————————

Chapter 1 – Introduction
- Purpose of the book, intended audience, what the book does/does not address

*Live Response section
Chapter 2 – Collecting Volatile Data
- Address live response, volatile data collection (i.e., what to collect, how to collect it)

Chapter 3 – Analyzing Volatile Data
- How to understand what you've collected; data reduction/correlation techniques for volatile data

Chapter 4 – Windows Memory Analysis
- Description of \\.\PhysicalMemory, how to dump it, how to parse/analyze it.

*Post-Mortem section
Chapter 5 – Registry Analysis
- An explanation/description of the Windows Registry, how to locate information, etc. This chapter will have many subsections covering specific areas, such as USB removable storage devices, etc.

Chapter 6 – Log/File Analysis
- Covers descriptions of files maintained by Windows for logging, etc. Covers several directories, explaining why/how they're used.

Chapter 7 – Malware analysis for Administrators
- PE file analysis for Administrators/investigators. This is not a debugger/disassembler training guide.

Chapter 8 – Rootkits and rootkit detection
- Descriptions of rootkits, detection techniques, etc.

 
Posted : 22/06/2006 6:48 pm
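The Chapter 7 item above (PE file analysis for administrators and investigators, without a debugger or disassembler) is the kind of task that a small, portable parser serves well. The following is an added example written for this thread; it is not code from the book or from the author's own tools. It uses only the Python standard library, builds a constructed PE32 image inline (not a real program, so it runs offline on any platform), walks the DOS header, PE signature, COFF header, optional header and section table, and then applies two simple investigator heuristics: whether the entry point falls inside an executable section, and whether any section is mapped both writable and executable. The flag names and struct layouts come from the PE/COFF specification; the sample values (timestamp, addresses, section names) are constructed.

```python
"""Minimal PE header parser with two analyst heuristics.

Added example, not code from the original post or the book it describes.
Only the standard library is used; the sample image below is constructed.
"""
import struct
from dataclasses import dataclass, field

# Subset of IMAGE_FILE_HEADER.Characteristics bits (PE/COFF specification)
CHARACTERISTICS = {
    0x0002: "EXECUTABLE_IMAGE",
    0x0020: "LARGE_ADDRESS_AWARE",
    0x0100: "32BIT_MACHINE",
    0x2000: "DLL",
}

# Subset of section Characteristics bits that matter for the heuristics
SECTION_FLAGS = {
    0x20000000: "MEM_EXECUTE",
    0x40000000: "MEM_READ",
    0x80000000: "MEM_WRITE",
}

MACHINE_TYPES = {0x014C: "i386", 0x8664: "x86-64"}


@dataclass
class Section:
    name: str
    virtual_size: int
    virtual_address: int
    raw_size: int
    raw_pointer: int
    characteristics: int

    def flags(self):
        return [n for bit, n in SECTION_FLAGS.items() if self.characteristics & bit]


@dataclass
class PEInfo:
    machine: str
    timestamp: int          # TimeDateStamp, seconds since the Unix epoch
    characteristics: list
    magic: str              # "PE32" or "PE32+"
    entry_point: int        # AddressOfEntryPoint (RVA)
    image_base: int
    sections: list = field(default_factory=list)


def parse_pe(data: bytes) -> PEInfo:
    """Parse the headers of a PE image held in memory; raise on malformed input."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]        # offset of "PE\0\0"
    if e_lfanew + 24 > len(data):
        raise ValueError("e_lfanew points outside the file")
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, ts, _symtab, _nsyms, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                            # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                                         # PE32
        magic_name, entry = "PE32", struct.unpack_from("<I", data, opt + 16)[0]
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
    elif magic == 0x20B:                                       # PE32+ (no BaseOfData field)
        magic_name, entry = "PE32+", struct.unpack_from("<I", data, opt + 16)[0]
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    else:
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    sec_table = opt + opt_size                                 # 40-byte IMAGE_SECTION_HEADER entries
    sections = []
    for i in range(nsec):
        off = sec_table + 40 * i
        if off + 40 > len(data):
            raise ValueError("section table truncated")
        name, vsize, vaddr, rsize, rptr, _, _, _, _, sc = struct.unpack_from("<8sIIIIIIHHI", data, off)
        sections.append(Section(name.rstrip(b"\x00").decode("ascii", "replace"),
                                vsize, vaddr, rsize, rptr, sc))
    return PEInfo(machine=MACHINE_TYPES.get(machine, f"0x{machine:04x}"), timestamp=ts,
                  characteristics=[n for bit, n in CHARACTERISTICS.items() if chars & bit],
                  magic=magic_name, entry_point=entry, image_base=image_base, sections=sections)


def indicators(info: PEInfo) -> list:
    """Heuristic observations an investigator would note; not proof of anything."""
    notes, in_section = [], False
    for s in info.sections:
        end = s.virtual_address + max(s.virtual_size, s.raw_size)
        if s.virtual_address <= info.entry_point < end:
            in_section = True
            if "MEM_EXECUTE" not in s.flags():
                notes.append(f"entry point in non-executable section {s.name}")
        if "MEM_EXECUTE" in s.flags() and "MEM_WRITE" in s.flags():
            notes.append(f"section {s.name} is writable and executable")
    if not in_section:
        notes.append("entry point outside all sections")
    return notes


def build_sample() -> bytes:
    """Constructed minimal PE32 image for the demonstration (not a real program)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                      # e_lfanew right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x014C, 2, 0x44A2B8C0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                    # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                  # ImageBase
    text = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x400, 0, 0, 0, 0, 0x60000020)
    data = struct.pack("<8sIIIIIIHHI", b".data", 0x100, 0x2000, 0x200, 0x600, 0, 0, 0, 0, 0xE0000040)
    return bytes(dos) + b"PE\x00\x00" + coff + bytes(opt) + text + data


if __name__ == "__main__":
    info = parse_pe(build_sample())
    print(info.machine, info.magic, hex(info.entry_point), info.characteristics)
    for s in info.sections:
        print(f"  {s.name:8} rva=0x{s.virtual_address:x} raw=0x{s.raw_size:x} {s.flags()}")
    print("indicators:", indicators(info))
```

To run it against a real file, replace `build_sample()` with the bytes read from disk; the parser never executes anything from the image, so it is safe to point at suspect files during an investigation.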
keydet89
(@keydet89)
Posts: 3568
Famed Member
Topic starter
 

I'd started the book earlier this year when my original publisher was still considering it. My goal is to have it completed and on the shelves next spring…

 
Posted : 22/06/2006 9:46 pm
cfprof
(@cfprof)
Posts: 80
Trusted Member
 

Harlan,

This looks very interesting. Speaking as a professor who teaches computer forensics, we are always looking for good textbooks.

I know that your previous book was very well regarded, but this one seems a bit more aligned with our degree program.

Can't wait to read it…

Also, thanks for all of your posts here.

Scott

 
Posted : 28/06/2006 7:04 am