To get the most out of this book
A basic understanding of the Windows operating system internals will make some core concepts such as memory analysis or process execution easier to understand. Further, you should be comfortable working in the Windows and Linux command lines. Finally, a basic understanding of network protocols will be useful in analyzing network evidence.
Software/hardware covered in the book:

Wireshark
Encrypted Disk Detector 3.0.2
FTK Imager 4.7.12
Security Onion 2.3
WinPmem 2.0.1
Zeek
Belkasoft Live RAM Capturer
RITA
Kroll gkape 1.2.0.0
Network Miner 2.7.3
Velociraptor 0.6.4
Arkime 3.3.1
Eraser 6.2.0.2993
Monolith Notes
Volatility 3 Framework 2.2.0
Pestudio 9.3.7
Volatility Workbench v3.0.1003
Process Explorer
Autopsy 4.19.3
ClamAV
Event Log Explorer 5.2
Maltego 4.3.1
Skadi 2019.4

Operating system requirements:

Windows 10
Ubuntu 20.04
Various tools need to be run on a Linux OS, such as Ubuntu 20.04. There are also techniques that should be conducted in a sandbox environment to limit the potential for inadvertent infection. You should have a virtualization tool such as VMware Workstation Player or VirtualBox to run several of the covered operating systems and tools.
In some cases, the tools covered also have a commercial version. You should not need to purchase commercial tools to follow the various examples presented. The intent is that you can take the examples and constructs into a production environment and use them in actual investigations.