This book will detail the techniques that should be employed to thoroughly investigate, analyze, and document a criminal act on a Windows computer or network. Our expert authors will teach the reader how to fully investigate a Windows intrusion incident, rather than simply how to perform an initial response. Its focus is on investigating criminal activity and not simply inappropriate use of company networks and systems. The reader will then be able to present this technically complicated material in simple terms with language and analogies that prosecutors, judges, and juries can readily understand.
The book will also cover the emerging field of "live forensics," where investigators examine a computer, server, or network to obtain evidence while it is still running. The standard practice has been to perform investigations on unplugged machines or data files that have been seized and taken back to the lab. However, once the machine is unplugged, valuable evidence may be lost. This book will cover how to overcome myriad obstacles while trying to access live data.
The authors will also provide a classroom support package to ensure academic adoptions.