Defining the Issue

When I first started writing this book, I sat down and tried to come up with a good reason for writing it. Was there a particular problem that I was trying to solve or address? What was I going to say, and why would I say it? The “how” would come later, as I began writing. The question became, why was I writing the book?

I've seen through personal experience and through reading a variety of online resources that many times Windows administrators respond to incidents in an ineffective manner, if at all. For whatever reason, a good deal of mystery seems to surround Windows systems that are suspected to have been compromised. In some cases, the system really isn't compromised at all. Rather, files, processes, or open ports that ...

Get Windows Forensics and Incident Recovery now with the O’Reilly learning platform.