Executing Windows Command Line Investigations: While Ensuring Evidentiary Integrity
()
About this ebook
The book Executing Windows Command Line Investigations targets the needs of cyber security practitioners who focus on digital forensics and incident response. These are the individuals who are ultimately responsible for executing critical tasks such as incident response; forensic analysis and triage; damage assessments; espionage or other criminal investigations; malware analysis; and responding to human resource violations.
The authors lead readers through the importance of Windows CLI, as well as optimal configuration and usage. Readers will then learn the importance of maintaining evidentiary integrity, evidence volatility, and gain appropriate insight into methodologies that limit the potential of inadvertently destroying or otherwise altering evidence. Next, readers will be given an overview on how to use the proprietary software that accompanies the book as a download from the companion website. This software, called Proactive Incident Response Command Shell (PIRCS), developed by Harris Corporation provides an interface similar to that of a Windows CLI that automates evidentiary chain of custody and reduces human error and documentation gaps during incident response.
- Includes a free download of the Proactive Incident Response Command Shell (PIRCS) software
- Learn about the technical details of Windows CLI so you can directly manage every aspect of incident response evidence acquisition and triage, while maintaining evidentiary integrity
Chet Hosmer
Chet Hosmer serves as an Assistant Professor of Practice at the University of Arizona in the Cyber Operations program, where he is teaching and researching the application of Python and Machine Learning to advanced cybersecurity challenges. Chet is also the founder of Python Forensics, Inc. a non-profit organization focused on the collaborative development of open-source investigative technologies using Python and other popular scripting languages. Chet has made numerous appearances to discuss emerging cyber threats including NPR, ABC News, Forbes, IEEE, The New York Times, The Washington Post, Government Computer News, Salon.com, and Wired Magazine. He has 7 published books with Elsevier and Apress that focus on data hiding, passive network defense strategies, Python Forensics, PowerShell, and IoT.
Read more from Chet Hosmer
Python Forensics: A Workbench for Inventing and Sharing Digital Forensic Technology Rating: 4 out of 5 stars4/5Data Hiding: Exposing Concealed Data in Multimedia, Operating Systems, Mobile Devices and Network Protocols Rating: 5 out of 5 stars5/5PowerShell and Python Together: Targeting Digital Investigations Rating: 0 out of 5 stars0 ratingsDefending IoT Infrastructures with the Raspberry Pi: Monitoring and Detecting Nefarious Behavior in Real Time Rating: 0 out of 5 stars0 ratingsPython Passive Network Mapping: P2NMAP Rating: 4 out of 5 stars4/5Integrating Python with Leading Computer Forensics Platforms Rating: 0 out of 5 stars0 ratings
Related to Executing Windows Command Line Investigations
Related ebooks
Windows Registry Forensics: Advanced Digital Forensic Analysis of the Windows Registry Rating: 4 out of 5 stars4/5Malware Forensics Field Guide for Windows Systems: Digital Forensics Field Guides Rating: 4 out of 5 stars4/5Penetration Tester's Open Source Toolkit Rating: 4 out of 5 stars4/5Operating System Forensics Rating: 4 out of 5 stars4/5Implementing Digital Forensic Readiness: From Reactive to Proactive Process Rating: 0 out of 5 stars0 ratingsSnort Intrusion Detection 2.0 Rating: 4 out of 5 stars4/5Network and System Security Rating: 4 out of 5 stars4/5Professional Penetration Testing: Volume 1: Creating and Learning in a Hacking Lab Rating: 4 out of 5 stars4/5Nmap in the Enterprise: Your Guide to Network Scanning Rating: 0 out of 5 stars0 ratingsBuilding Virtual Pentesting Labs for Advanced Penetration Testing Rating: 0 out of 5 stars0 ratingsMastering Malware Analysis: The complete malware analyst's guide to combating malicious software, APT, cybercrime, and IoT attacks Rating: 0 out of 5 stars0 ratingsCoding for Penetration Testers: Building Better Tools Rating: 0 out of 5 stars0 ratingsBuilding an Information Security Awareness Program: Defending Against Social Engineering and Technical Threats Rating: 0 out of 5 stars0 ratingsHacking Web Apps: Detecting and Preventing Web Application Security Problems Rating: 0 out of 5 stars0 ratingsApplied Network Security Rating: 0 out of 5 stars0 ratingsDNS Security: Defending the Domain Name System Rating: 4 out of 5 stars4/5Digital Forensics with Open Source Tools Rating: 3 out of 5 stars3/5Penetration Testing with the Bash shell Rating: 0 out of 5 stars0 ratingsDigital Forensics: Threatscape and Best Practices Rating: 0 out of 5 stars0 ratingsMastering Kali Linux for Web Penetration Testing Rating: 4 out of 5 stars4/5Cloud Storage Forensics Rating: 4 out of 5 stars4/5Placing the Suspect Behind the Keyboard: Using Digital Forensics and Investigative Techniques to Identify Cybercrime Suspects Rating: 0 out of 5 stars0 ratingsWeb Penetration Testing with Kali Linux Rating: 5 out of 5 stars5/5Mastering Mobile Forensics Rating: 0 out of 5 stars0 ratingsCuckoo Malware Analysis Rating: 0 out of 5 stars0 ratingsCybercrime and Espionage: An Analysis of Subversive Multi-Vector Threats Rating: 3 out of 5 stars3/5Leveraging WMI Scripting: Using Windows Management Instrumentation to Solve Windows Management Problems Rating: 5 out of 5 stars5/5Windows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 8 Rating: 4 out of 5 stars4/5Stealing The Network: How to Own the Box Rating: 4 out of 5 stars4/5
Operating Systems For You
Hacking : The Ultimate Comprehensive Step-By-Step Guide to the Basics of Ethical Hacking Rating: 5 out of 5 stars5/5Mastering Windows PowerShell Scripting Rating: 4 out of 5 stars4/5Make Your PC Stable and Fast: What Microsoft Forgot to Tell You Rating: 4 out of 5 stars4/5AppleScript Rating: 5 out of 5 stars5/5Excel : The Ultimate Comprehensive Step-By-Step Guide to the Basics of Excel Programming: 1 Rating: 5 out of 5 stars5/5OneNote: The Ultimate Guide on How to Use Microsoft OneNote for Getting Things Done Rating: 1 out of 5 stars1/5Linux: Learn in 24 Hours Rating: 5 out of 5 stars5/5Bash Command Line Pro Tips Rating: 5 out of 5 stars5/5The Mac Terminal Reference and Scripting Primer Rating: 4 out of 5 stars4/5Raspberry Pi Cookbook for Python Programmers Rating: 0 out of 5 stars0 ratingsUNIX Shell Programming Interview Questions You'll Most Likely Be Asked Rating: 0 out of 5 stars0 ratingsPowerShell: A Comprehensive Guide to Windows PowerShell Rating: 4 out of 5 stars4/5COBOL Basic Training Using VSAM, IMS and DB2 Rating: 5 out of 5 stars5/5Networking for System Administrators: IT Mastery, #5 Rating: 5 out of 5 stars5/5Exploring Windows 11: The Illustrated, Practical Guide to Using Microsoft Windows Rating: 0 out of 5 stars0 ratingsHacking for Beginners: Mastery Guide to Learn and Practice the Basics of Computer and Cyber Security Rating: 0 out of 5 stars0 ratingsLearn Windows PowerShell in a Month of Lunches Rating: 0 out of 5 stars0 ratingsUNIX For Dummies Rating: 3 out of 5 stars3/5Linux for Beginners: Linux Command Line, Linux Programming and Linux Operating System Rating: 4 out of 5 stars4/5iPhone 12, iPhone Pro, and iPhone Pro Max For Senirs: A Ridiculously Simple Guide to the Next Generation of iPhone and iOS 14 Rating: 0 out of 5 stars0 ratingsGetting Started With MacBook Air (2020 Model): A Guide For New MacOS Users Rating: 0 out of 5 stars0 ratingsHacking Essentials - The Beginner's Guide To Ethical Hacking And Penetration Testing Rating: 3 out of 5 stars3/5CompTIA Linux+ Study Guide: Exam XK0-004 Rating: 0 out of 5 stars0 ratingsMastering Linux Shell Scripting Rating: 4 out of 5 stars4/5Windows Server 2019 & PowerShell All-in-One For Dummies Rating: 0 out of 5 stars0 ratingsThe Linux Command Line Beginner's Guide Rating: 4 out of 5 stars4/5
Reviews for Executing Windows Command Line Investigations
0 ratings0 reviews
Book preview
Executing Windows Command Line Investigations - Chet Hosmer
www.harris.com.
Chapter 1
The Impact of Windows Command Line Investigations
Abstract
This chapter sets the stage for Windows Command Line investigations. We first examine the impact of current cybercrime activities, novel vulnerabilities, and how criminals leverage the Windows Command Line. In addition, we discuss how we plan to turn the tables and utilize the Windows Command Line for both incident response and forensic triage.
Keywords
Breach; Vulnerabilities; Cybercrime; Cybercriminal; Personal identifiable information (PII); Sony; Hactivism; Extortion; Sextortion; Ransomware; Cyberbullying; Harassment; Stalking; Crimes against children; Internet Crimes Against Children (ICAC); Botnet; ZeroAccess; Storm; Heartbleed; POODLE; Windows; Command line; RAM; PowerShell; Forensic; Triage; Proactive incident response command shell (PIRCS); TrendMicro; US CERT
triage: Word Origin
1727 from the French triage a picking out, sorting
From Old French approximately 14 Century, trier to pick or cull
. During World War I, triage was the adopted term for sorting the wounded into groups according to the severity of their injuries.
Chapter Outline
Introduction
Cybercrime Methods and Vulnerabilities
Novel Vulnerabilities
Cyber Criminals Use the Windows Command Line
Turning the Tables
Organization of the Book
Chapter 1 Review
Chapter 1 Summary Questions
Additional Resources
Introduction
As cybercrime activities continue to expand at an alarming rate, our response to these events must keep pace. Reports similar to the following can be found over and over again:
According to TrendMicro’s 2014 Security Roundup, "2014 was the year of mega breaches, hard-to-patch vulnerabilities, and thriving cybercriminal underground economies. It encapsulated threats of grand proportions, the consequences of which set companies back billions in losses and consumers an unknown figure in lost or stolen personally identifiable information