Category: LINUX
2008-05-28 01:02:52
The first book to focus on forensics and incident recovery in a Windows environment
Teaches through case studies and real-world examples
Companion CD contains unique tools developed by the authors
Covers Windows Server 2003, Windows 2000, Windows NT, and Windows XP
If you're responsible for protecting Windows systems, firewalls and anti-virus aren't enough. You also need to master incident response, recovery, and auditing. Leading Windows security expert and instructor Harlan Carvey offers a start-to-finish guide to the subject: everything administrators must know to recognize and respond to virtually any attack.
Drawing on his widely acclaimed course, Carvey uses real-world examples to cover every significant incident response, recovery, and forensics technique. He delivers a complete incident response toolset that combines today's best open source and freeware tools, his own exclusive software and scripts, and step-by-step instructions for using them. This book's tools and techniques apply to every current and professional version of Windows: NT, 2000, XP, and Windows Server 2003. Coverage includes:
Developing a practical methodology for responding to potential attacks
Preparing your systems to prevent and detect incidents
Recognizing the signatures of an attack—in time to act
Uncovering attacks that evade detection by Event Viewer, Task Manager, and other Windows GUI tools
Using the Forensic Server Project to automate data collection during live investigations
Analyzing live forensics data in order to determine what occurred