This book is intended for anyone who has an interest in useful Perl scripting, in particular on the Windows platform, for the purpose of incident response, and forensic analysis, and application monitoring. While a thorough grounding in scripting languages (or in Perl specifically) is not required, it is helpful in fully and more completely understanding the material and code presented in this book. This book contains information that is useful to consultants who perform incident response and computer forensics, specifically as those activities pertain to MS Windows systems (Windows 2000, XP, 2003, and some Vista). My hope is that not only will consultants (such as myself) find this material valuable, but so will system administrators, law enforcement officers, and students in undergraduate and graduate programs focusing on computer forensics.
*Perl is the third most commonly used programming language in the world
*Helps security professionals in updating settings on a remote server several cities away, collecting data for a report to management, and more
*The companion Web site for the book contains dozens of scripts the reader can download and use today
About the Author
Harlan Carvey developed an interest in computer security while in the military. After leaving active duty, he began working in the area of penetration testing and vulnerability assessments, leading teams of engineers, and developing his own tools to optimize his ability to collect and analyze data. As most clients employed Windows to some degree, Harlan began to see a disparity in knowledge and support for these operating systems, and decided to seize the opportunity and focus on Windows as an area of interest and research. This led him to address topics in incident response and forensic analysis, and to his position as a forensic analyst.
Harlan has been a prolific author and presenter, beginning with the Usenix LISA-NT conference in 2000. He has also presented at Black Hat, DefCon 9, MISTI, and HTCIA/GMU conferences. Harlan has had articles published in the Information Security Bulletin as well as on the SecurityFocus web site, and is the author of Windows Forensics and Incident Recovery.