Executing Windows Command Line Investigations: While Ensuring Evidentiary Integrity
About this ebook
The book Executing Windows Command Line Investigations targets the needs of cyber security practitioners who focus on digital forensics and incident response. These are the individuals who are ultimately responsible for executing critical tasks such as incident response; forensic analysis and triage; damage assessments; espionage or other criminal investigations; malware analysis; and responding to human resource violations.
The authors lead readers through the importance of the Windows CLI, as well as its optimal configuration and usage. Readers will then learn the importance of maintaining evidentiary integrity, understand evidence volatility, and gain insight into methodologies that limit the potential of inadvertently destroying or otherwise altering evidence. Next, readers are given an overview of how to use the proprietary software that accompanies the book as a download from the companion website. This software, called the Proactive Incident Response Command Shell (PIRCS) and developed by Harris Corporation, provides an interface similar to that of a Windows CLI that automates the evidentiary chain of custody and reduces human error and documentation gaps during incident response.
- Includes a free download of the Proactive Incident Response Command Shell (PIRCS) software
- Learn about the technical details of Windows CLI so you can directly manage every aspect of incident response evidence acquisition and triage, while maintaining evidentiary integrity
Chet Hosmer
Chet Hosmer serves as an Assistant Professor of Practice at the University of Arizona in the Cyber Operations program, where he teaches and researches the application of Python and machine learning to advanced cybersecurity challenges. Chet is also the founder of Python Forensics, Inc., a non-profit organization focused on the collaborative development of open-source investigative technologies using Python and other popular scripting languages. Chet has made numerous appearances to discuss emerging cyber threats, in outlets including NPR, ABC News, Forbes, IEEE, The New York Times, The Washington Post, Government Computer News, Salon.com, and Wired Magazine. He has 7 published books with Elsevier and Apress that focus on data hiding, passive network defense strategies, Python forensics, PowerShell, and IoT.
Book preview
Executing Windows Command Line Investigations - Chet Hosmer
Chapter 1
The Impact of Windows Command Line Investigations
Abstract
This chapter sets the stage for Windows Command Line investigations. We first examine the impact of current cybercrime activities, novel vulnerabilities, and how criminals leverage the Windows Command Line. In addition, we discuss how we plan to turn the tables and utilize the Windows Command Line for both incident response and forensic triage.
Keywords
Breach; Vulnerabilities; Cybercrime; Cybercriminal; Personally identifiable information (PII); Sony; Hacktivism; Extortion; Sextortion; Ransomware; Cyberbullying; Harassment; Stalking; Crimes against children; Internet Crimes Against Children (ICAC); Botnet; ZeroAccess; Storm; Heartbleed; POODLE; Windows; Command line; RAM; PowerShell; Forensic; Triage; Proactive incident response command shell (PIRCS); TrendMicro; US CERT
triage: Word Origin
1727, from the French triage, "a picking out, sorting"; from Old French (approximately 14th century) trier, "to pick or cull". During World War I, triage was the adopted term for sorting the wounded into groups according to the severity of their injuries.
Chapter Outline
Introduction
Cybercrime Methods and Vulnerabilities
Novel Vulnerabilities
Cyber Criminals Use the Windows Command Line
Turning the Tables
Organization of the Book
Chapter 1 Review
Chapter 1 Summary Questions
Additional Resources
Introduction
As cybercrime activities continue to expand at an alarming rate, our response to these events must keep pace. Reports similar to the following appear over and over again:
According to TrendMicro’s 2014 Security Roundup, "2014 was the year of mega breaches, hard-to-patch vulnerabilities, and thriving cybercriminal underground economies. It encapsulated threats of grand proportions, the consequences of which set companies back billions in losses and consumers an unknown figure in lost or stolen personally identifiable information