Carvey H. — Windows forensics and incident recovery :: Электронная библиотека попечительского совета мехмата МГУ

Главная Ex Libris Книги Журналы Статьи Серии Каталог Wanted Загрузка ХудЛит Справка Поиск по индексам Поиск Форум

Авторизация

Поиск по указателям

Carvey H. — Windows forensics and incident recovery

Обсудите книгу на научном форуме

Нашли опечатку?
Выделите ее мышкой и нажмите Ctrl+Enter

Название: Windows forensics and incident recovery

Автор: Carvey H.

Аннотация:

If you're responsible for protecting Windows systems, firewalls and anti-virus aren't enough. You also need to master incident response, recovery, and auditing. Leading Windows security expert and instructor Harlan Carvey offers a start-to-finish guide to the subject: everything administrators must know to recognize and respond to virtually any attack. Drawing on his widely acclaimed course, Carvey uses real-world examples to cover every significant incident response, recovery, and forensics technique. He delivers a complete incident response toolset that combines today's best open source and freeware tools, his own exclusive software and scripts, and step-by-step instructions for using them. This book's tools and techniques apply to every current and professional version of Windows: NT, 2000, XP, and Windows Server 2003.

Язык:

Рубрика: Технология/

Статус предметного указателя: Готов указатель с номерами страниц

ed2k: ed2k stats

Год издания: 2004

Количество страниц: 480

Добавлена в каталог: 18.05.2005

Операции: Положить на полку | Скопировать ссылку для форума | Скопировать ID

Предметный указатель

Fsw.pl Perl script for implementing a file system monitor      2nd
FTP site properties
FTP traffic capture
ftype
ftype command
Functions
future of      2nd
Garner, Jr., George M
GatSlag
Geschonneck, Alexander
GetLocalTime()
GetSystemTime()
GetTimeZoneInformation()
getting files from
getting off of servers
GNU General Public License (GNU GPL)
GNU GPL (General Public License)
Google
GoToMyPC
GPList
GPOs
GPOs (Group Policy Objects)
GPResult.exe
group policies      2nd 3rd
group policy information      2nd 3rd 4th
Group Policy Objects      [See GPOs]
GUI tools
Handle.exe
Hardening
hash.pl      2nd
Hash.pl, a Perl script that computes MD5 and SHA-1 hashes for a file
hashes
help
Heyne, Frank
HFS (Hierarchical File System)
hidden attribute      2nd 3rd
hiding
Hiding data
hiding data in
hiding date on live file systems      2nd 3rd 4th 5th 6th 7th
hiding documents in Excel spreadsheets      2nd 3rd
hiding documents in Word documents      2nd 3rd
hiding on live file systems
hiding spreadsheets in Word documents      2nd 3rd
Hierarchical File Systems      [See HFS]
High-speed connections
Hoglund, Greg      2nd
host configuration      2nd
Hydan
IDE (Integrated Development Environment)
IIS
IIS (Internet Information Server)
IIS traffic capture
image files
in Excel spreadsheets      2nd 3rd
in executables
in Office document      2nd 3rd 4th 5th 6th
in Office documents      2nd 3rd 4th 5th 6th
in Registry      2nd 3rd 4th
in the Registry      2nd 3rd 4th
incident preparation
incident response policies      2nd 3rd 4th
incidents      2nd
InControl5      2nd
infected systems
infected Windows 2003 systems      2nd 3rd
infection vectors      2nd 3rd 4th
INFO2
information
initial configuration dialog
initial configuration dialog for
InPEct
Insecure.org
Install
Installation
installations of malware
Installing
Integrated Development Environment      [See IDE]
integrity of files
Internet Information Server      [See IIS]
Internet Relay Chat      [See IRC]
Internetwork Operating System      [See IOS]
investigating      2nd 3rd 4th 5th 6th 7th 8th
investigating systems
investigating unusal traffic      2nd 3rd 4th 5th
investigations
IOS (Internetwork Operating System)
IP addresses      2nd 3rd 4th 5th
ipconfig      2nd
IRC (Internet Relay Chat)
IRC bots
jdbgmgr.exe
Jiang, Juju
KartOO
Kaspersky Labs
KB (KnowledgeBase)      2nd
kbAlertz.com
kernal-mode rootkits
kernel-mode rootkits
keywords
KnowledgeBase
KnowledgeBase (KB)
Kwbot
Kwbot worm
LastWrite time      2nd 3rd
LastWrite times
launching      2nd
launching FSP      2nd 3rd 4th
LDAP (Lightweight Directory Access Protocol)
Liability
licensing issues      2nd 3rd
Lightweight Directory Access Protocol      [See LDAP]
limiting
List of tools for examining various types of files
List of tools used for obtaining information about files
List of tools used to retrieve non-volatile information
List of tools used to retrieve volatile information
ListDLLs      2nd
listdlls.exe
listening      2nd
listing
listing on local systems
listing sessions
listings
lists of workstations from PDC      2nd 3rd
litigious investigations
Lloyd, Timothy
local incidents
Local Security Policy
local systems
locating
locating as services
locating modems
locating WinPcap drivers
LOG
log files
logged on users      2nd 3rd 4th 5th
logic bombs      2nd
logon rights
MAC (media access control)
MAC times      2nd
mac.pl
MACS (Microsoft Audit Collection System)
malicious software      [See malware]
malware
malware installations
Managing
manual incidents
Map List
Mapping

mapping processes to
Master File Table      [See MFT]
MBSA      2nd
MBSA (Microsoft Baseline Security Analyzer)
md5deep.exe      2nd
MDF message digest
mdmscan.pl      2nd 3rd 4th
Mdmscan.pl Perl script for locating modems      2nd 3rd
Media access control (MAC)
Memory
Merge Streams      2nd
meta.pl
Meta.pl Perl script for retrieving metadata from Microsoft Word documents      2nd 3rd
Metadata
metadata from Microsoft Word documents
metadata from PDF files
methodologies      2nd
MFT (Master File Table)
Microsoft Audit Collection System (MACS)
Microsoft Baseline Security Analyzer (MBSA)
Microsoft Excel
Microsoft Installer (MSI) file
Microsoft Internet Information Server      [See IIS]
Microsoft KnowledgeBase (KB)      2nd
Microsoft Management Console      [See MMC]
Microsoft Office documents
Microsoft Resource Kits
Microsoft Security Bulletin MS02-24
Microsoft Systems Management Server (SMS)
Microsoft Windows Application Programming Interface (API)
Microsoft Word
Microsoft Word documents
Microsoft.com
MMC
MMC (Microsoft Management Console
MMC snap-ins
modems      2nd 3rd 4th
modifying
modifying file MAC times      2nd 3rd 4th
Modules
Monitoring      [See monitoring]
Morris, Robert T
MS03-26
MSI (Microsoft Installer) file
MWC, Inc
MZ file signature
Nbtstat
net file
net file command
net session      2nd
net session command      2nd
net start
Net start command
net.exe      2nd
netcap      2nd
netcat      2nd 3rd 4th
netcat listener
netcat traffic capture
netmon      2nd
netmon (Network Monitor)      2nd
netstat      2nd
netstat -ano
netusers.exe
network information and connections      2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th 12th 13th 14th
Network Interface Card      [See NIC]
network interface status
Network Monitor      [See netmon]
network protocol analyzers      [See sniffers]
network sniffers      [See sniffers]
NIC
NIC (network interface card
nmap
nmap traffic capture
non-volatile information
Notepad.exe and Sol.exe
notes
NSA XP
NTFS
NTFS ADS      2nd 3rd 4th 5th 6th
NTFS file system      2nd
NTFS.com
NTRootkit
NTSecurity.nu
NTSecurity.nu sute
null session connections      2nd
null session traffic capture
null.pl      2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th
null.pl Perl script      2nd 3rd 4th 5th 6th 7th 8th 9th 10th
of commercial tools
of easy-to-use tools      2nd
of file client component
of high-speed connections      2nd
of incidents
of perimeter devices      2nd 3rd 4th
of reinstalling systems      2nd
of rootkits
of Windows systems      2nd 3rd
Office documents
OLE structued storage      2nd 3rd
on compromised systems
on Windows XP      2nd
open ports      2nd
openfiles
Opening
openports      2nd
openports.exe
ouput of
Outlook Web Access      [See OWA]
output of
Output of commands run to determine the current date and time on the system
output of commands to a file
Output of di.pl Perl script
Output of dir /ah command
Output of dir /ta command
Output of gpresult.exe on a Windows 2000 system logged into a domain
Output of pslist run on a Windows XP system
Output of pslist t run on a Windows XP system
Output of pulist run on a Windows XP system
Output of rifiuti command
Output of rkd.pl Perl script when run against an AFX Rootkit 2003 infected system      2nd
Output of tlist c run on a Windows XP system
Output of tlist s run on a Windows XP system
output when run against an AFX Rootkit 2003 infected system      2nd
output when run against an AFX Rootkit 2003 infected systems      2nd
overview of      2nd 3rd 4th 5th 6th 7th 8th
OWA (Outlook Web Access)
P2P (peer-to-peer) file sharing programs
packet captures
packet captures (Ethereal)
Packetstorm Security
Panda Software
Panda Software Virsu Encyclopedia
Parent import
Parent Import (PI) Functioin View
Passwords
patch management      2nd 3rd
patches      2nd 3rd
pd.pl
PDF documents
PDF files
pdfmeta.pl
Pdfmeta.pl Perl script for retrieving metadata from PDF files
Peer-to-peer      [See P2P]
performing
performing analysis of with Perl scripts      2nd 3rd 4th
performing file signature analysis      2nd 3rd 4th
perimeter devices
Perl
Perl code excerpt for
Perl code excerpt for retrieving

1 2 3 4

О проекте