To get the most out of this book
Readers should be familiar with the Windows OS and be able to download and run applications and use the Windows command line. Familiarity with the Linux command line is also helpful. An understanding of the basic network protocols and the various types of network traffic is required as well. It is not required, but it is helpful, to have access to a virtualization platform and a Windows OS in which to run specific tools. Finally, incident response and digital forensics are growing fields; you will get the most out of this book by continuing to research and try new tools and techniques.
Download the color images
We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: http://www.packtpub.com/sites/default/files/downloads/9781838649005_ColorImages.pdf.
Conventions used
There are a number of text conventions used throughout this book.
CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "Once in Command Prompt, navigate to the folder containing the RawCap.exe file."
A block of code is set as follows:
    meta:
        description = "Stuxnet Sample - file ~WTR4141.tmp"
        author = "Florian Roth"
        reference = "Internal Research"
        date = "2016-07-09"
Any command-line input or output is written as follows:
dfir@ubuntu:~$ tcpdump -h
Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "Click on File and then on Capture Memory."