Executing Windows Command Line Investigations: While Ensuring Evidentiary Integrity
Ebook, 353 pages, 3 hours

About this ebook

The book Executing Windows Command Line Investigations targets the needs of cyber security practitioners who focus on digital forensics and incident response. These are the individuals who are ultimately responsible for executing critical tasks such as incident response; forensic analysis and triage; damage assessments; espionage or other criminal investigations; malware analysis; and responding to human resource violations.

The authors lead readers through the importance of the Windows CLI, as well as its optimal configuration and usage. Readers will then learn the importance of maintaining evidentiary integrity, understand evidence volatility, and gain insight into methodologies that limit the potential of inadvertently destroying or otherwise altering evidence. Next, readers are given an overview of how to use the proprietary software that accompanies the book as a download from the companion website. This software, called Proactive Incident Response Command Shell (PIRCS) and developed by Harris Corporation, provides an interface similar to that of a Windows CLI that automates the evidentiary chain of custody and reduces human error and documentation gaps during incident response.

  • Includes a free download of the Proactive Incident Response Command Shell (PIRCS) software
  • Learn about the technical details of Windows CLI so you can directly manage every aspect of incident response evidence acquisition and triage, while maintaining evidentiary integrity
Language: English
Release date: Jun 11, 2016
ISBN: 9780128092712
Author

Chet Hosmer

Chet Hosmer serves as an Assistant Professor of Practice at the University of Arizona in the Cyber Operations program, where he teaches and researches the application of Python and Machine Learning to advanced cybersecurity challenges. Chet is also the founder of Python Forensics, Inc., a non-profit organization focused on the collaborative development of open-source investigative technologies using Python and other popular scripting languages. Chet has made numerous appearances to discuss emerging cyber threats, including on NPR, ABC News, Forbes, IEEE, The New York Times, The Washington Post, Government Computer News, Salon.com, and Wired Magazine. He has 7 published books with Elsevier and Apress that focus on data hiding, passive network defense strategies, Python forensics, PowerShell, and IoT.

    Book preview

    Executing Windows Command Line Investigations - Chet Hosmer

    www.harris.com.

    Chapter 1

    The Impact of Windows Command Line Investigations

    Abstract

    This chapter sets the stage for Windows Command Line investigations. We first examine the impact of current cybercrime activities, novel vulnerabilities, and how criminals leverage the Windows Command Line. In addition, we discuss how we plan to turn the tables and utilize the Windows Command Line for both incident response and forensic triage.

    Keywords

    Breach; Vulnerabilities; Cybercrime; Cybercriminal; Personally identifiable information (PII); Sony; Hacktivism; Extortion; Sextortion; Ransomware; Cyberbullying; Harassment; Stalking; Crimes against children; Internet Crimes Against Children (ICAC); Botnet; ZeroAccess; Storm; Heartbleed; POODLE; Windows; Command line; RAM; PowerShell; Forensic; Triage; Proactive incident response command shell (PIRCS); TrendMicro; US CERT

    triage: Word Origin

    1727, from the French triage, "a picking out, sorting", from the Old French (approximately 14th century) trier, "to pick or cull". During World War I, triage was the adopted term for sorting the wounded into groups according to the severity of their injuries.

    Chapter Outline

    Introduction

    Cybercrime Methods and Vulnerabilities

    Novel Vulnerabilities

    Cyber Criminals Use the Windows Command Line

    Turning the Tables

    Organization of the Book

    Chapter 1 Review

    Chapter 1 Summary Questions

    Additional Resources

    Introduction

    As cybercrime activities continue to expand at an alarming rate, our response to these events must keep pace. Reports similar to the following appear over and over again:

    According to TrendMicro’s 2014 Security Roundup, "2014 was the year of mega breaches, hard-to-patch vulnerabilities, and thriving cybercriminal underground economies. It encapsulated threats of grand proportions, the consequences of which set companies back billions in losses and consumers an unknown figure in lost or stolen personally identifiable information
