UML 2.0 and the Unified Process: Practical Object-Oriented Analysis and Design
Author: Jim Arlow
"This book manages to convey the practical use of UML 2 in clear and understandable terms with many examples and guidelines. Even for people not working with the Unified Process, the book is still of great use. UML 2 and the Unified Process, Second Edition is a must-read for every UML 2 beginner and a helpful guide and reference for the experienced practitioner."
--Roland Leibundgut, Technical Director, Zuehlke Engineering Ltd.
"This book is a good starting point for organizations and individuals who are adopting UP and need to understand how to provide visualization of the different aspects needed to satisfy it."
--Eric Naiburg, Market Manager, Desktop Products, IBM Rational Software
This thoroughly revised edition provides an indispensable and practical guide to the complex process of object-oriented analysis and design using UML 2. It describes how the process of OO analysis and design fits into the software development lifecycle as defined by the Unified Process (UP).
UML 2 and the Unified Process contains a wealth of practical, powerful, and useful techniques that you can apply immediately. As you progress through the text, you will learn OO analysis and design techniques, UML syntax and semantics, and the relevant aspects of the UP. The book provides you with an accurate and succinct summary of both UML and UP from the point of view of the OO analyst and designer.
This book provides
- Chapter roadmaps, detailed diagrams, and margin notes allowing you to focus on your needs
- Outline summaries for each chapter, making it ideal for revision, and a comprehensive index that can be used as a reference
New to this edition:
- Completely revised and updated for UML 2 syntax
- Easy to understand explanations of the new UML 2 semantics
- More real-world examples
- A new section on the Object Constraint Language (OCL)
- Introductory material on the OMG's Model Driven Architecture (MDA)
The accompanying website provides
- A complete example of a simple e-commerce system
- Open source tools for requirements engineering and use case modeling
- Industrial-strength UML course materials based on the book
Mastering Windows Network Forensics and Investigation
Author: Steve Bunting
This comprehensive guide provides you with the training you need to arm yourself against phishing, bank fraud, unlawful hacking, and other computer crimes. Two seasoned law enforcement professionals discuss everything from recognizing high-tech criminal activity and collecting evidence to presenting it in a way that judges and juries can understand. They cover the range of skills, standards, and step-by-step procedures you’ll need to conduct a criminal investigation in a Windows environment and make your evidence stand up in court.
Table of Contents:
Introduction
Network Investigation Overview
Performing the Initial Vetting
Meeting with the Victim Organization
Understanding the Victim Network Information
Understanding the Incident Information
Identifying and Preserving Evidence
Establishing Expectations and Responsibilities
Collecting the Evidence
Analyzing the Evidence
Analyzing the Suspect's Computers
Recognizing the Investigative Challenges of Microsoft Networks
The Bottom Line
The Microsoft Network Structure
Connecting Computers
Windows Domains
Interconnecting Domains
Organizational Units
Users and Groups
Types of Accounts
Groups
Permissions
File Permissions
Share Permissions
Reconciling Share and File Permissions
Example Hack
The Bottom Line
Beyond the Windows GUI
Understanding Programs, Processes, and Threads
Redirecting Process Flow
DLL Injection
Hooking
Maintaining Order Using Privilege Modes
Using Rootkits
The Bottom Line
Windows Password Issues
Understanding Windows Password Storage
Cracking Windows Passwords Stored on Running Systems
Exploring Windows Authentication Mechanisms
LanMan Authentication
NTLM and Kerberos Authentication
Sniffing and Cracking Windows Authentication Exchanges
Cracking Offline Passwords
The Bottom Line
Windows Ports and Services
Understanding Ports
Using Ports as Evidence
Understanding Windows Services
The Bottom Line
Live-Analysis Techniques
Finding Evidence in Memory
Creating Windows Live-Analysis CDs
Selecting Tools for Your Live-Response CD
Verifying Your CD
Using Your CD
Monitoring Communication with the Victim Box
Scanning the Victim System
Using Stand-alone Tools for Live-analysis
Using Commercial Products
Using EnCase FIM
Using Free Products
The Bottom Line
Windows File Systems
File Systems vs. Operating Systems
Understanding FAT File Systems
Understanding NTFS File Systems
Using NTFS Data Structures
Creating, Deleting, and Recovering Data in NTFS
Dealing with Alternate Data Streams
The Bottom Line
The Registry Structure
Understanding Registry Concepts
Registry History
Registry Organization and Terminology
Performing Registry Research
Viewing the Registry with Forensic Tools
Using EnCase to View the Registry
Using AccessData's Registry Viewer
The Bottom Line
Registry Evidence
Finding Information in the Software Key
Installed Software
Last Logon
Banners
Exploring Windows Security Center and Firewall Settings
Analyzing Restore Point Registry Settings
Exploring Security Identifiers
Investigating User Activity
Extracting LSA Secrets
Discovering IP Addresses
Compensating for Time Zone Offsets
Determining the Startup Locations
The Bottom Line
Tool Analysis
Understanding the Purpose of Tool Analysis
Exploring Tools and Techniques
Strings
Dependency Walker
Monitoring the Code
Monitoring the Tool's Network Traffic
External Port Scans
The Bottom Line
Text-Based Logs
Parsing IIS Logs
Parsing FTP Logs
Parsing DHCP Server Logs
Parsing Windows Firewall Logs
Using the Microsoft Log Parser
The Bottom Line
Windows Event Logs
Understanding the Event Logs
Exploring Auditing Settings
Using Event Viewer
Searching with Event Viewer
The Bottom Line
Logon and Account Logon Events
Exploring Windows NT Logon Events
Analyzing Windows 2000 Event Logs
Comparing Logon and Account Logon Events
Examining Windows 2000 Logon Events
Examining Windows 2000 Account Logon Events
Contrasting Windows 2000 and XP Logging
Examining Windows Server 2003 Account Logon and Logon Events
The Bottom Line
Other Audit Events
Evaluating Account Management Events
Interpreting File and Other Object Access Events
Examining Audit Policy Change Events
Examining System Log Entries
Examining Application Log Entries
The Bottom Line
Forensic Analysis of Event Logs
Using EnCase to Examine Windows Event Log Files
Windows Event Log Files Internals
Repairing Corrupted Event Log Databases
Finding and Recovering Event Logs from Free Space
The Bottom Line
Presenting the Results
Creating a Narrative Report with Hyperlinks
The Electronic Report Files
Timelines
Testifying About Technical Matters
The Bottom Line
The Bottom Line
Network Investigation Overview
The Microsoft Network Structure
Beyond the Windows GUI
Windows Password Issues
Windows Ports and Services
Live Analysis Techniques
Windows File Systems
The Registry Structure
Registry Evidence
Tool Analysis
Text-Based Logs
Windows Event Logs
Logon and Account Logon Events
Other Audit Events
Forensic Analysis of Event Logs
Presenting The Results
Index