Carvey H. — Windows forensics and incident recovery
Title: Windows forensics and incident recovery

Author: Carvey H.

Abstract:

If you're responsible for protecting Windows systems, firewalls and anti-virus aren't enough. You also need to master incident response, recovery, and auditing. Leading Windows security expert and instructor Harlan Carvey offers a start-to-finish guide to the subject: everything administrators must know to recognize and respond to virtually any attack. Drawing on his widely acclaimed course, Carvey uses real-world examples to cover every significant incident response, recovery, and forensics technique. He delivers a complete incident response toolset that combines today's best open source and freeware tools, his own exclusive software and scripts, and step-by-step instructions for using them. This book's tools and techniques apply to every current and professional version of Windows: NT, 2000, XP, and Windows Server 2003.


Language: en

Category: Technology/

Subject index status: Index with page numbers is ready

Year of publication: 2004

Number of pages: 480

Added to catalog: 18.05.2005

Subject index
-a
-c
-m
-s switch      
.dat file      
/si switch      
/t
/t switch      
/tw
/tw switch      
/v switch      
29A      2nd
2in32::Lanman module      
Aaron's Homepage      
Active Directory      [See AD]
ActiveState      
Acxiom Corporation      
AD (Active Directory)      
Administrator passwords      
ads      2nd 3rd 4th 5th 6th 7th
ADS (alternate data stream)      
ADSs      
ADSs (Alternate Data Streams)      
adware      2nd
AFX Rootkit 2003      2nd
AFX Windows Rootkit 2003      2nd 3rd 4th 5th 6th 7th
against local incidents      
AINTX Administrator Tools      
AINTX toolkit      
alternate data stream      [See ADS]
alternate data streams      [See ADSs]
Analyzer      2nd 3rd
analyzing      
analyzing data with FSP      
analyzing executable files      
and ADSs      2nd
and WFP      2nd
anti-virus sites      2nd
anti-virus solutions      2nd
anti-virus websites      2nd
API (Application Programming Interface)      
AppleTree      
Application Configuration dialog      
Application Programming Interface      [See API]
article 174073      
article 328691 MIRC Trojan Related Attack Detection and Repair      
article Q222192      
article Q230206      
article Q832017 Port Requirements for the Microsoft Windows Server System      
as services      
assoc      
assoc command      
at.exe      
Attack Vectors      
Attacks      [See also incidents]
Attributes      
audit settings      2nd 3rd
Auditing      
auditpol.exe      2nd
auto-rooters      
automatic incidents      
Autoruns      
AutoStart View      
AutoStart Viewer      
Back Orifice      
Backdoors      2nd
Banner grabbing      
banners      
Batch file for configuring systems      2nd 3rd 4th
batch files      2nd
batchfiles      
Bejtlich, Richard      
Beyond-Security      
Binding      
BinText      
broadband connections      [See high-speed connections]
buffer overflow vulnerabilities      
by changing file attributes      2nd 3rd 4th 5th 6th 7th
cacls.exe      
case management component      
CERT Coordination Center      
changes      
changing      
Characteristics      
characteristics of      
Checksum      
client components      
Clipboard contents      
CLOSELOG      
CLOSELOG command      2nd
cmdline.exe      2nd
code excerpt for retrieving file MAC times      
Code Red II      
Code Red worm      
collecting      
collecting data      
collecting entries      
collecting Event Log entries      
collecting files      2nd 3rd 4th 5th 6th 7th 8th
collecting non-volatile information      2nd 3rd 4th
collecting volatile information      2nd 3rd
collecting with FSP      
Command      
command history      2nd
command line port scanners      
command line tools      
command prompt      
Commands      
commercial tools      
communicating with servers      
complexity      
Composition of      
compound files      2nd 3rd
Comprehensive Perl Archive Network      2nd [See CPAN]
compromised systems      
compromised Windows 2000 systems      
computer forensics      [See forensics]
computer security incidents      [See incidents]
Configuration      
configuration of      2nd 3rd 4th
Configuring      
configuring systems      2nd 3rd 4th 5th 6th
Connections      
ConnectIPC()      
ConnectIPC() function      
contents for the Recycle Bin      2nd 3rd
contents of Run key      2nd 3rd 4th
contents of specific Registry keys      
Contents of an example .dat file      
contents of clipboard      
Coordinated Universal Time (UTC)      
copying      
copying files      
copying files from      
corporate email addresses      
correlating      
correlating and analyzing data      2nd 3rd
correlating and analyzing with FSP      2nd 3rd
CPAN      
CPAN (Comprehensive Perl Archive Network)      2nd
Creating      
Cuckoo's Egg, The      
Cult of the Dead Cow      
DACLs (Discretionary Access Control Lists)      
DATA      
data collection activities      
DATA keyword      
data with FSP      
date on live file systems      
dd.exe      2nd
DebPloit      
DebPloit (DEBugger exPLOIT)      
Debug Programs      
defending against      
Defense in depth      
Defense of Duffer's Drift, The      
defenses      
defenses against      
deleting      
demo versions      
denial of service attacks      
Dependency Walker (depends.exe)      2nd 3rd
depends.exe      2nd 3rd
detecting      
detecting changes in      
detecting with port scanners      [See port scanners]
di.pl
di.pl Perl script      
di.pl Perl script for retrieving drive information      2nd
di.pl script for retrieving drive information      2nd
DiamondCD      
DiamondCS      
Digital signatures      
dir /ah      
dir /ah command      
dir /ta      
dir /ta command      
dir command      
directories      
disabling      
discretionary access control lists      [See DACLs]
displaying      
Dittrich, Dave      
DLL injection      
DLLs      
Documentation      2nd 3rd
DOSKEY      
drawbacks      
drawbacks of      2nd
drawbacks of reinstalling      2nd
drive information      
driverquery      
driverquery command      
drivers      
dumpel.exe      
dumping      
dumping Event Logs      2nd 3rd 4th
dumping lists of workstations from the PDC      
Duronio, Roger      
E-evidence Info      
ease of      2nd 3rd 4th 5th
ease of attacks      2nd 3rd 4th 5th
editors      
EliteWrap      2nd
EliteWrap script for binding Notepad.exe and Sol.exe (Solitaire)      
embedded strings      
end points      
ensuring      
ensuring integrity of      
ensuring integrity of files      
EnumAccountPrivileges()      
enumerating      
Ethereal      2nd
Event log      2nd 3rd
Event Log entries      
event logs      
Event Viewer      
EventComb MT      
EventId.net      
example of contents      
example output of      
Example output of winapimac.pl      
examples      
examples of      
Excel      
Excerpt of case log file from file copy      
executable binders      
Executable files      2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th 15th 16th 17th
executables      
exploiting      
FBI2003.pdf      
FDTE      2nd
FDTE (File Date Time Extractor)      2nd
FILE      
file and directories      2nd 3rd 4th 5th 6th
file associations      
file attributes      [See file attributes]
file binding      2nd 3rd
file client component      2nd 3rd 4th 5th 6th
file command      
File Date Time Extractor (FDTE)      2nd
FILE keyword      
file MAC times      
file segmentation      2nd
File Selector dialog      
file signatures      2nd 3rd
file system changes      
file system within a file      2nd 3rd
File Systems      
file times      2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th
file version information      
file version information (ver.pl)      2nd 3rd
file-sharing programs      
Files      
files added by afx_example.exe installation      
files and directories      2nd 3rd 4th 5th
FILETIME structure      
Firewalls      
First Responder Utility (FRU)      
first responders      
footprints      2nd 3rd 4th 5th
for configuring systems      2nd 3rd 4th
for examining various types of files      
for files      
for FSP      
for incident response      2nd 3rd 4th
for more information      2nd
for obtaining information about files      
for recently accessed files      
for retrieving MAC times of a file      
for retrieving non-volatile information      
for retrieving volatile information      
for searching      2nd
for use with this book      2nd 3rd 4th
Forensic Acquisition Utilities      
Forensic Acquisition Utilities      
forensic audit      [See forensics]
Forensic Server      
Forensic Server Project      [See FSP]
Forensic Server Project (FSP)      
forensics      
Forensics.nl      
Forever worm      
FoundStone      
fport      2nd
fport.exe      
free port scanners      
freeware      
freeware tools      
from a potentially compromised system      
from files using Perl's stat() function      
from other ports      
from PDF files      
from systems      
FRU      2nd 3rd 4th
FRU (First Responder Utility)      
fru.pl      
FSP      
FSP (Forensic Server Project)      2nd
fsw.pl      2nd 3rd
© Electronic Library of the Board of Trustees of the MSU Faculty of Mechanics and Mathematics, 2004-2020