ebook img

Perl Scripting for Windows Security: Live Response, Forensic Analysis, and Monitoring PDF

221 Pages·2007·5.55 MB·English
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Perl Scripting for Windows Security: Live Response, Forensic Analysis, and Monitoring

Harlan Carvey This page intentionally left blank Elsevier, Inc., the author(s), and any person or fi rm involved in the writing, editing, or production (collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained from the Work. There is no guarantee of any kind, expressed or implied, regarding the Work or its contents. The Work is sold AS IS and WITHOUT WARRANTY. You may have other legal rights, which vary from state to state. In no event will Makers be liable to you for damages, including any loss of profi ts, lost savings, or other incidental or consequential damages arising out from the Work or its contents. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you. You should always use reasonable care, including backup and other appropriate precautions, when working with computers, networks, data, and fi les. Syngress Media®, Syngress®, “Career Advancement Through Skill Enhancement®,” “Ask the Author UPDATE®,” and “Hack Proofi ng®,” are registered trademarks of Elsevier, Inc. “Syngress: The Defi nition of a Serious Security Library”™, “Mission Critical™,” and “The Only Way to Stop a Hacker is to Think Like One™” are trademarks of Elsevier, Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective companies. PUBLISHED BY Syngress Publishing, Inc. Elsevier, Inc. 30 Corporate Drive Burlington, MA 01803 Live Response, Forensic Analysis, and Monitoring Copyright © 2007 by Elsevier, Inc. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication. Printed in the United States of America 1 2 3 4 5 6 7 8 9 0 ISBN 13: 978-1-59749-173-0 Publisher: Andrew Williams Page Layout and Art: SPi Technical Editor: Dave kleiman Copy Editor: Judy Eby For information on rights, translations, and bulk sales, contact Matt Pedersen, Commercial Sales Director and Rights, at Syngress Publishing; email This page intentionally left blank To Terri and Kylie This page intentionally left blank Author Harlan Carvey (CISSP), author of the acclaimed Windows Forensics and Incident Recovery, is a computer forensics and incident response consultant based out of the Northern VA/Metro DC area. He currently provides emergency incident response and computer forensic analysis services to clients throughout the U.S. His specialties include focusing specifi cally on the Windows 2000 and later platforms with regard to incident response, Registry and memory analysis, and post-mortem computer forensic analysis. Harlan’s background includes positions as a consultant performing vulnerability assessments and penetration tests and as a full-time security engineer. He also has supported federal government agencies with incident response and computer forensic services. Harlan holds a bachelor’s degree in electrical engineering from the Virginia Military Institute and a master’s degree in electrical engineering from the Naval Postgraduate School. Harlan would like to thank his wife, Terri, for her support, patience, and humor throughout the entire process of writing his second book. Harlan wrote Parts I and II. vii Technical Editor Dave Kleiman (CAS, CCE, CIFI, CEECS, CISM, CISSP, ISSAP, ISSMP, MCSE, MVP) has worked in the Information Technology Security sector since 1990. Currently, he runs an independent Computer Forensic company DaveKleiman.com that specializes in litigation support, computer forensic investigations, incident response, and intrusion analysis. He developed a Windows Operating System lockdown tool, S-Lok, which surpasses NSA, NIST, and Microsoft Common Criteria Guidelines. He is frequently a speaker at many national security conferences and is a regular contributor to security-related newsletters, websites, and Internet forums. Dave is a member of many professional security organizations, including the Miami Electronic Crimes Task Force (MECTF), International Association of Computer Investigative Specialists (IACIS), International Information Systems Forensics Association (IISFA), the International Society of Forensic Computer Examiners (ISFCE), Information Systems Audit and Control Association (ISACA), High Technology Crime Investigation Association (HTCIA), Association of Certifi ed Fraud Examiners (ACFE), High Tech Crime Consortium (HTCC), and the International Association of Counter Terrorism and Security Professionals (IACSP). He is also the Sector Chief for Information Technology at the FBI’s InfraGard. Dave was a contributing author for Microsoft Log Parser Toolkit (Syngress Publishing, ISBN: 1932266526), Security Log Management: Identifying Patterns in the Chaos (Syngress Publishing, ISBN: 1597490423) and, How to Cheat at Windows System Administration (Syngress Publishing ISBN: 1597491055). Technical Editor for Perfect Passwords: Selection, Protection, Authentication (Syngress Publishing, ISBN: 1597490415), Winternals Defragmentation, Recovery, and Administration Field Guide (Syngress Publishing, ISBN: 1597490792), Windows Forensic Analysis: Including DVD Toolkit (Syngress Pub- lishing, ISBN: 159749156X), The Offi cial CHFI Study Guide (Syngress Publishing, ISBN: 1597491977), and CD and DVD Forensics (Syngress Publishing, ISBN: 1597491284). He was Technical Reviewer for Enemy at the Water Cooler: Real Life Stories of Insider Threats (Syngress Publishing ISBN: 1597491292). viii Contributing Author Jeremy Faircloth (Security+, CCNA, MCSE, MCP+I, A+, etc.) is an IT Manager for EchoStar Satellite L.L.C., where he and his team architect and maintain enterprisewide client/server and Web-based technologies. He also acts as a technical resource for other IT professionals, using his expertise to help others expand their knowledge. As a systems engineer with over 13 years of real-world IT experience, he has become an expert in many areas, including Web development, database administration, enterprise security, network design, and project management. Jeremy has contributed to several Syngress books, including Microsoft Log Parser Toolkit (Syngress, ISBN: 1932266526), Managing and Securing a Cisco SWAN (ISBN: 1932266917), C# for Java Programmers (ISBN: 193183654X), Snort 2.0 Intrusion Detection (ISBN: 1931836744), and Security+ Study Guide & DVD Training System (ISBN: 1931836728). Jeremy wrote Part III. ix

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.