Chapter 6

Live-Analysis Techniques

As you saw in Chapter 3, “Beyond the Windows GUI,” attackers frequently take significant steps to conceal their presence on a system. One such step is to avoid making changes to the victim system's hard drive, so that less evidence of their activity can be recovered from it. You saw in Chapter 5, “Windows Ports and Services,” that valuable information about running processes and about open and active ports can reside only in the RAM of a running system. This chapter builds on the knowledge you gained in those two chapters to explain ways to gather this type of volatile evidence from a running system. This knowledge will help elevate your skills from those of a basic ...
