Executing Windows Command Line Investigations: While Ensuring Evidentiary Integrity
()
About this ebook
The book Executing Windows Command Line Investigations targets the needs of cyber security practitioners who focus on digital forensics and incident response. These are the individuals who are ultimately responsible for executing critical tasks such as incident response; forensic analysis and triage; damage assessments; espionage or other criminal investigations; malware analysis; and responding to human resource violations.
The authors lead readers through the importance of Windows CLI, as well as optimal configuration and usage. Readers will then learn the importance of maintaining evidentiary integrity, evidence volatility, and gain appropriate insight into methodologies that limit the potential of inadvertently destroying or otherwise altering evidence. Next, readers will be given an overview on how to use the proprietary software that accompanies the book as a download from the companion website. This software, called Proactive Incident Response Command Shell (PIRCS), developed by Harris Corporation provides an interface similar to that of a Windows CLI that automates evidentiary chain of custody and reduces human error and documentation gaps during incident response.
- Includes a free download of the Proactive Incident Response Command Shell (PIRCS) software
- Learn about the technical details of Windows CLI so you can directly manage every aspect of incident response evidence acquisition and triage, while maintaining evidentiary integrity
Chet Hosmer
Chet Hosmer serves as an Assistant Professor of Practice at the University of Arizona in the Cyber Operations program, where he is teaching and researching the application of Python and Machine Learning to advanced cybersecurity challenges. Chet is also the founder of Python Forensics, Inc. a non-profit organization focused on the collaborative development of open-source investigative technologies using Python and other popular scripting languages. Chet has made numerous appearances to discuss emerging cyber threats including NPR, ABC News, Forbes, IEEE, The New York Times, The Washington Post, Government Computer News, Salon.com, and Wired Magazine. He has 7 published books with Elsevier and Apress that focus on data hiding, passive network defense strategies, Python Forensics, PowerShell, and IoT.
Read more from Chet Hosmer
Python Forensics: A Workbench for Inventing and Sharing Digital Forensic Technology Rating: 4 out of 5 stars4/5Data Hiding: Exposing Concealed Data in Multimedia, Operating Systems, Mobile Devices and Network Protocols Rating: 5 out of 5 stars5/5PowerShell and Python Together: Targeting Digital Investigations Rating: 0 out of 5 stars0 ratingsPython Passive Network Mapping: P2NMAP Rating: 4 out of 5 stars4/5Defending IoT Infrastructures with the Raspberry Pi: Monitoring and Detecting Nefarious Behavior in Real Time Rating: 0 out of 5 stars0 ratingsIntegrating Python with Leading Computer Forensics Platforms Rating: 0 out of 5 stars0 ratings
Related to Executing Windows Command Line Investigations
Related ebooks
Windows Registry Forensics: Advanced Digital Forensic Analysis of the Windows Registry Rating: 4 out of 5 stars4/5Malware Forensics Field Guide for Windows Systems: Digital Forensics Field Guides Rating: 4 out of 5 stars4/5Operating System Forensics Rating: 4 out of 5 stars4/5Penetration Tester's Open Source Toolkit Rating: 4 out of 5 stars4/5Building Virtual Pentesting Labs for Advanced Penetration Testing Rating: 0 out of 5 stars0 ratingsMastering Malware Analysis: The complete malware analyst's guide to combating malicious software, APT, cybercrime, and IoT attacks Rating: 0 out of 5 stars0 ratingsImplementing Digital Forensic Readiness: From Reactive to Proactive Process Rating: 0 out of 5 stars0 ratingsProfessional Penetration Testing: Volume 1: Creating and Learning in a Hacking Lab Rating: 4 out of 5 stars4/5DNS Security: Defending the Domain Name System Rating: 4 out of 5 stars4/5Penetration Testing with the Bash shell Rating: 0 out of 5 stars0 ratingsNetwork and System Security Rating: 4 out of 5 stars4/5Cloud Storage Forensics Rating: 4 out of 5 stars4/5Digital Forensics with Open Source Tools Rating: 3 out of 5 stars3/5Web Penetration Testing with Kali Linux Rating: 5 out of 5 stars5/5Applied Network Security Rating: 0 out of 5 stars0 ratingsManaged Code Rootkits: Hooking into Runtime Environments Rating: 5 out of 5 stars5/5Cuckoo Malware Analysis Rating: 0 out of 5 stars0 ratingsCoding for Penetration Testers: Building Better Tools Rating: 0 out of 5 stars0 ratingsMastering Kali Linux for Web Penetration Testing Rating: 4 out of 5 stars4/5Low Tech Hacking: Street Smarts for Security Professionals Rating: 4 out of 5 stars4/5Mastering Mobile Forensics Rating: 0 out of 5 stars0 ratingsComputer Forensics: A Pocket Guide Rating: 4 out of 5 stars4/5Mastering Python Forensics Rating: 4 out of 5 stars4/5Digital Forensics: Threatscape and Best Practices Rating: 0 out of 5 stars0 ratingsNmap in the Enterprise: Your Guide to Network Scanning Rating: 0 out of 5 stars0 ratingsWindows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 7 Rating: 4 out of 5 stars4/5Windows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 8 Rating: 4 out of 5 stars4/5Malware Forensics Field Guide for Linux Systems: Digital Forensics Field Guides Rating: 4 out of 5 stars4/5Wireshark Network Security Rating: 3 out of 5 stars3/5
Operating Systems For You
Windows 11 All-in-One For Dummies Rating: 5 out of 5 stars5/5Tor Darknet Bundle: Master the Art of Invisibility Rating: 0 out of 5 stars0 ratingsAppleScript Rating: 5 out of 5 stars5/5Learn Windows PowerShell in a Month of Lunches Rating: 0 out of 5 stars0 ratingsHacking : The Ultimate Comprehensive Step-By-Step Guide to the Basics of Ethical Hacking Rating: 5 out of 5 stars5/5Excel : The Ultimate Comprehensive Step-By-Step Guide to the Basics of Excel Programming: 1 Rating: 5 out of 5 stars5/5iPhone Unlocked Rating: 0 out of 5 stars0 ratingsOperating Systems DeMYSTiFieD Rating: 0 out of 5 stars0 ratingsLinux Bible Rating: 0 out of 5 stars0 ratingsLinux Command-Line Tips & Tricks Rating: 0 out of 5 stars0 ratingsHacking Essentials - The Beginner's Guide To Ethical Hacking And Penetration Testing Rating: 3 out of 5 stars3/5The Linux Command Line Beginner's Guide Rating: 4 out of 5 stars4/5MacOS Ventura Essentials: Support, Troubleshooting & Maintenance Guide for Beginners and Seniors Rating: 0 out of 5 stars0 ratingsMastering Windows PowerShell Scripting Rating: 4 out of 5 stars4/5Linux: Learn in 24 Hours Rating: 5 out of 5 stars5/5Exploring Windows 11: The Illustrated, Practical Guide to Using Microsoft Windows Rating: 0 out of 5 stars0 ratingsOneNote: The Ultimate Guide on How to Use Microsoft OneNote for Getting Things Done Rating: 1 out of 5 stars1/5Windows 11 For Dummies Rating: 0 out of 5 stars0 ratingsMake Your PC Stable and Fast: What Microsoft Forgot to Tell You Rating: 4 out of 5 stars4/5Linux for Beginners: Linux Command Line, Linux Programming and Linux Operating System Rating: 4 out of 5 stars4/5The Windows Command Line Beginner's Guide: Second Edition Rating: 4 out of 5 stars4/5The Mac Terminal Reference and Scripting Primer Rating: 4 out of 5 stars4/5Linux All-In-One For Dummies Rating: 2 out of 5 stars2/5Learn SQL Server Administration in a Month of Lunches Rating: 3 out of 5 stars3/5CompTIA Linux+ Study Guide: Exam XK0-004 Rating: 0 out of 5 stars0 ratingsBash Command Line Pro Tips Rating: 5 out of 5 stars5/5
Reviews for Executing Windows Command Line Investigations
0 ratings0 reviews
Book preview
Executing Windows Command Line Investigations - Chet Hosmer
www.harris.com.
Chapter 1
The Impact of Windows Command Line Investigations
Abstract
This chapter sets the stage for Windows Command Line investigations. We first examine the impact of current cybercrime activities, novel vulnerabilities, and how criminals leverage the Windows Command Line. In addition, we discuss how we plan to turn the tables and utilize the Windows Command Line for both incident response and forensic triage.
Keywords
Breach; Vulnerabilities; Cybercrime; Cybercriminal; Personal identifiable information (PII); Sony; Hactivism; Extortion; Sextortion; Ransomware; Cyberbullying; Harassment; Stalking; Crimes against children; Internet Crimes Against Children (ICAC); Botnet; ZeroAccess; Storm; Heartbleed; POODLE; Windows; Command line; RAM; PowerShell; Forensic; Triage; Proactive incident response command shell (PIRCS); TrendMicro; US CERT
triage: Word Origin
1727 from the French triage a picking out, sorting
From Old French approximately 14 Century, trier to pick or cull
. During World War I, triage was the adopted term for sorting the wounded into groups according to the severity of their injuries.
Chapter Outline
Introduction
Cybercrime Methods and Vulnerabilities
Novel Vulnerabilities
Cyber Criminals Use the Windows Command Line
Turning the Tables
Organization of the Book
Chapter 1 Review
Chapter 1 Summary Questions
Additional Resources
Introduction
As cybercrime activities continue to expand at an alarming rate, our response to these events must keep pace. Reports similar to the following can be found over and over again:
According to TrendMicro’s 2014 Security Roundup, "2014 was the year of mega breaches, hard-to-patch vulnerabilities, and thriving cybercriminal underground economies. It encapsulated threats of grand proportions, the consequences of which set companies back billions in losses and consumers an unknown figure in lost or stolen personally identifiable information