While checking out a comment on yesterday's post on Windows Forensics: Have I been Hacked? I came a cross a new book on the subject that hasn't been released yet, but looks like it might me an interesting read.
Harlan Carvey has written a book to be published next month called Windows Forensics and Incident Recovery which looks quite interesting for the forensic investigators out there. Here is a quick TOC:
- Chapter 1 – Introduction
- Chapter 2 – How Incidents Occur
- Chapter 3 – Data Hiding
- Chapter 4 – Incident Preparation
- Chapter 5 – Incident Response Tools
- Chapter 6 – Developing a Methodology
- Chapter 7 – Knowing What To Look For
- Chapter 8 – Using the Forensic Server Project
- Chapter 9 – Scanners and Sniffers
- Appendix A – Installing Perl on Windows
- Appendix B – Web Sites
- Appendix C – Answers to Chapter 9 Questions
As it hasn't been published yet, I haven't had a chance to read it to
really scope it out, but if the TOC is any indication, it might be an
interesting read. I am just finishing up Threat Modeling
right now (review to follow shortly), and this comes at a good time. If
you want to explore some of the topics, tools and techniques that will
be covered in the book, Harlan has a website up at www.windows-ir.com which includes links to some of this stuff.
Maybe with any luck Harlan will be as generous as Ken was in sending me an advanced copy of Secure Coding: Principles and Practices or Gary, who while reading my comments, decided to send me an early copy of his book Exploiting Software:How to break Code.
Now that I think about it, I'm blessed with a lot of quality readers
of my blog who seem to be great authors. If you are an author with a
book on infosec or secure coding, and would like me to read and review
your book, please contact me at email@example.com.
One thing though… you HAVE to personally autograph it. I've started a
collection of personally signed security books. Right now I got signed
books from about a half dozen great authors. Want to join them? Send me
[Dana Epp's ramblings at the Sanctuary]