Author: Harlan Carvey, Jeremy Faircloth, Dave Kleiman
Publication date: December 26, 2007
Publisher: Syngress
Pages: 232
ISBN: 978-1597491730
File format: PDF
I decided to write this book for a couple of reasons. One was that I’ve now written a couple of books that have to do with incident response and forensic analysis on Windows systems, and I used a lot of Perl in both books. Okay. I’ll come clean. I used nothing but Perl in both books! What I’ve seen as a result of this is that many readers want to use the tools, but don’t know how; they simply aren’t familiar with Perl, with interpreted (or scripting) languages in general, and may not be entirely comfortable with running tools at the command line.
This book is intended for anyone who has an interest in useful Perl scripting, in particular on the Windows platform, for the purposes of incident response, forensic analysis, and application monitoring. While a thorough grounding in scripting languages (or in Perl specifically) is not required, it is helpful in fully and more completely understanding the material and code presented in this book. This book contains information that is useful to consultants who perform incident response and computer forensics, specifically as those activities pertain to MS Windows systems (Windows 2000, XP, 2003, and some Vista). My hope is that not only will consultants (such as myself) find this material valuable, but so will system administrators, law enforcement officers, and students in undergraduate and graduate programs focusing on computer forensics.
Code can be found at: http://www.elsevierdirect.com/companion.jsp?ISBN=9781597491730
*Perl Scripting for Live Response
Using Perl, there’s a great deal of information you can retrieve from systems, locally or remotely, as part of troubleshooting or investigating an issue. Perl scripts can be run from a central management point, reaching out to remote systems in order to collect information, or they can be “compiled” into standalone executables using PAR, PerlApp, or Perl2Exe so that they can be run on systems that do not have ActiveState’s Perl distribution (or any other Perl distribution) installed.
*Perl Scripting for Computer Forensic Analysis
Perl is an extremely useful and powerful tool for performing computer forensic analysis. While there are applications available that let an examiner access acquired images and perform some modicum of visualization, there are relatively few tools that meet the specific needs of a specific examiner working on a specific case. This is where the use of Perl really shines through and becomes apparent.
*Perl Scripting for Application Monitoring
Working with enterprise-level Windows applications requires a great deal of analysis and constant monitoring. Automating the monitoring portion of this effort can save a great deal of time, reduce system downtime, and improve the reliability of your overall application. By utilizing Perl scripts and integrating them with the application technology, you can easily build a simple monitoring framework that can alert you to current or future application issues.