Windows Security Books

Windows Forensic Analysis Including DVD Toolkit

Harlan Carvey

Amazon Price: $41.96 List Price: $59.95 Usually ships in 24 hours By: Syngress Amazon Marketplace: 36 new & used starting at $41.95

Buy at Amazon.com

Browse similar items by category:
Subjects -> Computers & Internet -> Business & Culture -> Hacking
Subjects -> Computers & Internet -> Computer Science -> General
Subjects -> Computers & Internet -> Computer Science -> General AAS

Customer Reviews:
Total reviews: 11 Average rating: 5.0 of 5

Taking Windows Analysis to the Next Step... 5 out of 5 stars.
5 of 5 people found this review helpful.

Harlan poured his clear love of incident response and of the forensic profession into this book. Windows Forensic Analysis dives into many exceptional topics that are routinely overlooked in similar material. The entire book covers many novel analysis techniques and topics, the registry analysis chapter and the file analysis chapter discusses many detailed artifacts and areas of examination during forensics that up until this was published was only discussed deep inside forensic circles or discovered through hard earned on-the-ground experience. The book's only drawback is that it covers too many topics and the chapters do not flow together as well as I would have hoped. A single chapter is excellent, but in many cases it doesn't lead you to the next one. I also found that the entire book could have been written on just registry forensics. However, in order to create broad appeal, the registry section was probably shortened. You can tell Harlan has a lot more to tell. Finally, the CDROM companion could have had more polish to the file layout as finding some of the tools is slightly confusing upon initial glance. Even with these minor drawbacks, the information in each chapter is phenomenal. I recommend this book to anyone looking to advance their understanding of the Windows analysis environment.

Editorial Review:

The only book available on the market that addresses and discusses in-depth forensic analysis of Windows systems. Windows Forensic Analysis DVD Toolkit takes the reader to a whole new, undiscovered level of forensic analysis for Windows systems, providing unique information and resources not available anywhere else. This book covers both live and post-mortem response collection and analysis methodologies, addressing material that is applicable to law enforcement, the federal government, students, and consultants. This book also brings this material to the doorstep of system administrators, who are often the front line troops when an incident occurs, but due to staffing and budgets do not have the necessary knowledge to effectively respond. The companion DVD for the book contains significant, unique materials (movies, spreadsheet, code, etc.) not available any place else, as they were created by the author.

Rootkits: Subverting the Windows Kernel (Addison-Wesley Software Security Series)

Greg Hoglund, Jamie Butler

Amazon Price: $34.64 List Price: $54.99 Usually ships in 24 hours By: Addison-Wesley Professional Amazon Marketplace: 44 new & used starting at $16.77

Buy at Amazon.com

Browse similar items by category:
Subjects -> Business & Investing -> Industries & Professions -> E-commerce -> General
Subjects -> Business & Investing -> Industries & Professions -> E-commerce -> General AAS
Subjects -> Computers & Internet -> Home Computing -> Internet -> General AAS

Customer Reviews:
Total reviews: 21 Average rating: 5.0 of 5

Editorial Review:

"It's imperative that everybody working in the field of cyber-security read this book to understand the growing threat of rootkits." --Mark Russinovich, editor, Windows IT Pro / Windows & .NET Magazine "This material is not only up-to-date, it defines up-to-date. It is truly cutting-edge. As the only book on the subject, Rootkits will be of interest to any Windows security researcher or security programmer. It's detailed, well researched and the technical information is excellent. The level of technical detail, research, and time invested in developing relevant examples is impressive. In one word: Outstanding." --Tony Bautts, Security Consultant; CEO, Xtivix, Inc. "This book is an essential read for anyone responsible for Windows security. Security professionals, Windows system administrators, and programmers in general will want to understand the techniques used by rootkit authors. At a time when many IT and security professionals are still worrying about the latest e-mail virus or how to get all of this month's security patches installed, Mr. Hoglund and Mr. Butler open your eyes to some of the most stealthy and significant threats to the Windows operating system.Only by understanding these offensive techniques can you properly defend the networks and systems for which you are responsible." --Jennifer Kolde, Security Consultant, Author, and Instructor "What's worse than being owned? Not knowing it. Find out what it means to be owned by reading Hoglund and Butler's first-of-a-kind book on rootkits. At the apex the malicious hacker toolset--which includes decompilers, disassemblers, fault-injection engines, kernel debuggers, payload collections, coverage tools, and flow analysis tools--is the rootkit. Beginning where Exploiting Software left off, this book shows how attackers hide in plain sight. "Rootkits are extremely powerful and are the next wave of attack technology. Like other types of malicious code, rootkits thrive on stealthiness. They hide away from standard system observers, employing hooks, trampolines, and patches to get their work done. Sophisticated rootkits run in such a way that other programs that usually monitor machine behavior can't easily detect them. A rootkit thus provides insider access only to people who know that it is running and available to accept commands.Kernel rootkits can hide files and running processes to provide a backdoor into the target machine. "Understanding the ultimate attacker's tool provides an important motivator for those of us trying to defend systems. No authors are better suited to give you a detailed hands-on understanding of rootkits than Hoglund and Butler. Better to own this book than to be owned." --Gary McGraw, Ph.D., CTO, Cigital, coauthor of Exploiting Software (2004) and Building Secure Software (2002), both from Addison-Wesley "Greg and Jamie are unquestionably the go-to experts when it comes to subverting the Windows API and creating rootkits. These two masters come together to pierce the veil of mystery surrounding rootkits, bringing this information out of the shadows. Anyone even remotely interested in security for Windows systems, including forensic analysis, should include this book very high on their must-read list." --Harlan Carvey, author of Windows Forensics and Incident Recovery (Addison-Wesley, 2005) Rootkits are the ultimate backdoor, giving hackers ongoing and virtually undetectable access to the systems they exploit. Now, two of the world's leading experts have written the first comprehensive guide to rootkits: what they are, how they work, how to build them, and how to detect them. Rootkit.com's Greg Hoglund and James Butler created and teach Black Hat's legendary course in rootkits. In this book, they reveal never-before-told offensive aspects of rootkit technology--learn how attackers can get in and stay in for years, without detection. Hoglund and Butler show exactly how to subvert the Windows XP and Windows 2000 kernels, teaching concepts that are easily applied to virtually any modern operating system, from Windows Server 2003 to Linux and UNIX. Using extensive downloadable examples, they teach rootkit programming techniques that can be used for a wide range of software, from white hat security tools to operating system drivers and debuggers.After reading this book, readers will be able to *Understand the role of rootkits in remote command/control and software eavesdropping *Build kernel rootkits that can make processes, files, and directories invisible *Master key rootkit programming techniques, including hooking, runtime patching, and directly manipulating kernel objects *Work with layered drivers to implement keyboard sniffers and file filters *Detect rootkits and build host-based intrusion prevention software that resists rootkit attacks Visit rootkit. com for code and programs from this book. The site also contains enhancements to the book's text, such as up-to-the-minute information on rootkits available nowhere else.

Windows Vista(TM) Resource Kit

Mitch Tulloch, Tony Northrup, Jerry Honeycutt, Ed Wilson, Ralph Ramos, The Windows Vista Team

Amazon Price: $36.55 List Price: $59.99 Usually ships in 24 hours By: Microsoft Press - Model: 9780735622838 Amazon Marketplace: 57 new & used starting at $14.61

Buy at Amazon.com

Browse similar items by category:
Subjects -> Computers & Internet -> Microsoft -> Operating Systems -> Windows NT
Subjects -> Computers & Internet -> Microsoft -> Operating Systems -> Windows NT Server
Subjects -> Computers & Internet -> Microsoft -> Operating Systems -> Windows - General

Customer Reviews:
Total reviews: 13 Average rating: 4.5 of 5

Excellent reference, could use a proofread 4 out of 5 stars.
5 of 5 people found this review helpful.

This resource kit is very informative, but I've never seen a book with so many typographical errors. Fortunately, almost all of the errors are not material in that they do not affect the accuracy of the content. But the book should have undergone a proofreading or at least a comprehensive spelling/grammar check.
Typo issues aside, the book is a very useful resource. The coverage of Vista's new (file) image-based deployment is comprehensive. Changes such as KMS (for licensing), admx (for Group Policy), file/registry virtualization (under UAC and IE Protected Mode), and BCD (replaces boot.ini) are discussed. Key additions to the collection of Group Policy objects are highlighted. And, of course, there is a lot of trivia-type information that, though interesting, may not find actual day-to-day use.
The resource kit tools are focused mainly on enterprise deployment and scripting. If you are looking for the types of tools included with previous Windows resource kits, you will be disappointed.

Editorial Review:

Get the definitive reference for deploying, configuring, and supporting Microsoft® Windows Vista(tm)--with expert insights from Microsoft Most Valuable Professionals (MVPs) and the Windows Vista Team. This official Microsoft RESOURCE KIT provides more than 1,500 pages of in-depth technical guidance on automating deployment; implementing security enhancements; administering group policy, files and folders, and programs; and troubleshooting for Windows Vista. In addition, you get detailed information on Microsoft Internet Explorer® 7, Microsoft Windows® Firewall, and Windows Defender. You also get more than 150 timesaving scripts to help automate administrative tasks, additional job aids, and an eBook of the entire RESOURCE KIT on CD.

Group Policy: Management, Troubleshooting, and Security: For Windows Vista , Windows 2003, Windows XP, and Windows 2000 (Mark Minasi Windows Administrator Library)

Jeremy Moskowitz

Amazon Price: $31.49 List Price: $49.99 Usually ships in 24 hours By: Sybex Amazon Marketplace: 55 new & used starting at $1.46

Buy at Amazon.com

Browse similar items by category:
Subjects -> Business & Investing -> Management & Leadership -> Management Science
Subjects -> Computers & Internet -> Business & Culture -> Manager's Guides to Computing
Subjects -> Computers & Internet -> Certification Central -> Exams -> Security+

Customer Reviews:
Total reviews: 5 Average rating: 4.5 of 5

The Best GPO Book, Now In 4th Edition 5 out of 5 stars.
7 of 7 people found this review helpful.

This is the 4th edition of this book and I buy every new edition that comes out. This particular edition includes major new updates for Vista, such as ADMX templates. I teach courses on Windows security at SANS and I recommend the latest version of Jeremy's GPO book at every conference to my attendees. This is one of the few must-have books for Windows network administrators.

havent read the book but I want to comment on the quality of the book 3 out of 5 stars.
2 of 21 people found this review helpful.

I just received this book and haven't read it yet. But I wanted to comment on the poor quality of the book itself. The paper used is very poor quality, feels like newspaper almost. Has a very recycled feel to it, and the edge is not crisp, it has a rough edge that sprays little paper dust particles everywhere whenever the book is handled. I tried to fan the pages to remove these particles but they just keep coming. I am considering returning this book and maybe buying it again later if they improve the printing process used on it.

Editorial Review:

Presenting a fully updated resource for Windows Vista that shows you how best to use Group Policy in order to take full advantage of Active Directory and create a managed desktop environment. You’ll learn details about the GPMC, Group Policy troubleshooting techniques, and configuring Group Policy to create a resilient desktop environment. You’ll also discover how to create and manage ADMX files and leverage the Group Policy Central Store as well as deploy Office 2007, Office 2003, and more using Group Policy Software Installation.

Windows Server 2008 PKI and Certificate Security (PRO-Other) (PRO-Other)

Brian Komar

Amazon Price: $37.79 List Price: $59.99 Usually ships in 24 hours By: Microsoft Press Amazon Marketplace: 51 new & used starting at $12.20

Buy at Amazon.com

Browse similar items by category:
Subjects -> Business & Investing -> Industries & Professions -> E-commerce -> General
Subjects -> Business & Investing -> Industries & Professions -> E-commerce -> General AAS
Subjects -> Computers & Internet -> Business & Culture -> Privacy

Customer Reviews:
Total reviews: 5 Average rating: 5.0 of 5

Editorial Review:

Get in-depth guidance for designing and implementing certificate-based security solutions straight from PKI expert Brian Komar. No need to buy or outsource costly PKI services when you can use the robust PKI and certificate-based security services already built into Windows Server 2008! This in-depth reference teaches you how to design and implement even the most demanding certificate-based security solutions for wireless networking, smart card authentication, VPNs, secure email, Web SSL, EFS, and code-signing applications using Windows Server PKI and certificate services. A principal PKI consultant to Microsoft, Brian shows you how to incorporate best practices, avoid common design and implementation mistakes, help minimize risk, and optimize security administration. This definitive reference features a CD loaded with tools, scripts, and a fully searchable eBook.

Key Book Benefits

Guides system engineers and administrators how to design and implement PKI-based solutions

Explains how to exploit the tight integration of Windows Server 2008 PKI services with Active Directory® directory service

Features best practices based on real-world implementations
Includes a CD with tools, scripts, and a fully-searchable eBook

Hacking Windows XP (ExtremeTech)

Steve Sinchak

Amazon Price: $22.49 List Price: $24.99 Usually ships in 24 hours By: Wiley Amazon Marketplace: 69 new & used starting at $0.31

Buy at Amazon.com

Browse similar items by category:
Subjects -> Computers & Internet -> Business & Culture -> Hacking
Subjects -> Computers & Internet -> Microsoft -> Operating Systems -> Windows NT
Subjects -> Computers & Internet -> Microsoft -> Operating Systems -> Windows NT Server

Customer Reviews:
Total reviews: 25 Average rating: 3.5 of 5

Editorial Review:

* Get ready for some down-and-dirty hackin'! Over 200 serious hacks readers can use to force Windows XP to do it their way, written in the ExtremeTech no-holds-barred style
* Sinchak doesn't waste time tweaking Movie Maker or Instant Messenger-these hacks are heavy-duty, detailed instructions for squeezing every drop of power from Windows XP and maximizing speed, appearance, and security
* Not for the faint of heart! This book is written for users who aren't afraid to roll up their sleeves, risk voiding their warranties, take total control of the task bar, uninstall programs that are supposedly permanent, and beef up boot speed
* Mines gems like unlocking hidden settings, customizing boot screens, supercharging online and program launch speed, maximizing the file system and RAM, and dumping hated features for good
* Written by the creator of TweakXP.com, a site considered Mecca for Windows hackers and trusted by more than ten million Windows XP users worldwide
* Includes a hacker's dream CD-ROM with a set of ready-to-install hacks, theme creation tools, custom boot screens, "undo" files that help the reader tinker with Windows XP's registry, and a whole lot more

Mastering Windows Network Forensics and Investigation (Mastering)

Steven Anson, Steve Bunting

Amazon Price: $37.79 List Price: $59.99 Usually ships in 2 to 4 weeks By: Sybex Amazon Marketplace: 37 new & used starting at $20.97

Buy at Amazon.com

Browse similar items by category:
Subjects -> Business & Investing -> Industries & Professions -> E-commerce -> General
Subjects -> Business & Investing -> Industries & Professions -> E-commerce -> General AAS
Subjects -> Computers & Internet -> Certification Central -> Publisher -> Sybex

Customer Reviews:
Total reviews: 6 Average rating: 5.0 of 5

It's refreshing to finally be part of the "target audience" 5 out of 5 stars.
5 of 5 people found this review helpful.

As a law enforcement officer, I've often found myself frustrated by books that cover incident response, but never discuss law enforcement involvement, except as an afterthought. While I understand that it's important for corporate and internal investigators to have this type of information, it's refreshing to find a book that talks about the law enforcement response to an computer crime incident.

I've had the privilege of attending classes instructed by both of these authors. One of the things that impressed me about their classes is that they were able to break down complicated technical concepts into terms that cops can understand. They continue to do that in this book.

Computer crime investigators need to add this book to their libraries. I'd say it's a must have.

Editorial Review:

This comprehensive guide provides you with the training you need to arm yourself against phishing, bank fraud, unlawful hacking, and other computer crimes. Two seasoned law enforcement professionals discuss everything from recognizing high-tech criminal activity and collecting evidence to presenting it in a way that judges and juries can understand. They cover the range of skills, standards, and step-by-step procedures you’ll need to conduct a criminal investigation in a Windows environment and make your evidence stand up in court.

Creating the Secure Managed Desktop: Using Group Policy, SoftGrid, Microsoft Deployment Toolkit, and Other Management Tools

Jeremy Moskowitz

Amazon Price: $31.49 List Price: $49.99 Usually ships in 24 hours By: Sybex Amazon Marketplace: 45 new & used starting at $23.83

Buy at Amazon.com

Browse similar items by category:
Subjects -> Computers & Internet -> Graphic Design -> General AAS
Subjects -> Computers & Internet -> Microsoft -> Networking
Subjects -> Computers & Internet -> Networking -> Networks, Protocols & APIs -> General

Editorial Review:

Learn how to secure and manage every desktop in your network with Creating the Secure Managed Desktop: Using Group Policy, SoftGrid, Microsoft Deployment Toolkit, and Other Management Tools. Understand the tools and technologies you will need to create a more secure network using Windows Server 2008, Windows Vista and other Windows platforms and learn how to manage, diagnose, configure, update, and protect multiple desktops in an Active Directory network. Master automating tasks, setting and controlling settings, managing user profiles, and locking down systems from this must-have reference.

Hacking Windows Vista: ExtremeTech

Steve Sinchak

Amazon Price: $16.49 List Price: $24.99 Usually ships in 24 hours By: Wiley Amazon Marketplace: 62 new & used starting at $2.62

Buy at Amazon.com

Browse similar items by category:
Subjects -> Computers & Internet -> Business & Culture -> Hacking
Subjects -> Computers & Internet -> Business & Culture -> Privacy
Subjects -> Computers & Internet -> Microsoft -> Operating Systems -> Windows NT

Customer Reviews:
Total reviews: 5 Average rating: 4.0 of 5

A Winner 5 out of 5 stars.
27 of 31 people found this review helpful.

I bought Hacking Windows Vista to help me make a decision about upgrading to Vista. After reading it, I got more than I bargained for -- it was not just a superficial book dealing with cosmetic changes. It went into depth about making Vista secure, a major concern of mine. It was so well written that nothing was left to guesswork. For example, detailed instructions show you how to undo the hacks that the author suggests.

Yes, I guess I could go all over the Internet looking and eventually get the information the author provides. But the information would be scattered. It is nice to know that it is all in one book so I can start out doing things right from the beginning.

No, I don't know the author. After using computers professionally and personally for twenty-two years, I know a good book when I see one.

Editorial Review:

Vista is the most radical revamping of Windows since 1995. However, along with all the fantastic improvements, there are a couple of things that likely drive you up the wall. Don’t worry, though—just join forces with author Steve Sinchak and you’ll end up feeling as though Microsoft designed Vista just for you! He shows you how to tweak logon screen settings, build custom Sidebar gadgets, personalize Aero Glass with themes and visual styles, turn your PC into an HDTV media center, fine-tune your firewall, and more.

MCSE Self-Paced Training Kit (Exam 70-298): Designing Security for a Microsoft® Windows Server(TM) 2003 Network (Training Kit)

Roberta Bragg

Amazon Price: $37.79 List Price: $59.99 Usually ships in 24 hours By: MSOFT - MICROSOFT PRESS - Model: 0-7356-1969-7 Amazon Marketplace: 49 new & used starting at $17.87

Buy at Amazon.com

Features:

Browse similar items by category:
Subjects -> Business & Investing -> Industries & Professions -> E-commerce -> General
Subjects -> Business & Investing -> Industries & Professions -> E-commerce -> General AAS
Subjects -> Computers & Internet -> Certification Central -> Exams -> MCSE

Customer Reviews:
Total reviews: 16 Average rating: 3.0 of 5

Toe Socks Optional 4 out of 5 stars.
1 of 1 people found this review helpful.

Although I feel a one-ness with a Network Engineer that wears orange toe socks (I have ones with squirrels on the end which I have also worn at the airport much to security's chagrin), I can't help but feel that the twenty-something self-taught demographic (the bulk of our upcoming network engineers) will desire something more from this book.

The technical aspects are less than easy to follow, whereas the theory is sound but somewhat disorganized. Overall, the book is a review of what I know from the core MCSE tests and a double-check on my security common sense.

On the other hand - I can't say how it could be written better, Security is a learned skill, and taught best in the wild. Therefore I recommend this book - at a minimum you will get an impressive asterisk next to your MCSE on your resume and at best you'll get an insight into security on a Windows network.

Excellent Content 4 out of 5 stars.
0 of 2 people found this review helpful.

This book has great cases to help you lean and implement MS secured network with practical scenarios.

Editorial Review:

MCSE SP TRAIN KIT EXAM 70298 DESIGN SEC WIN SVR