Monday, January 12, 2009

UML 2.0 and the Unified Process or Mastering Windows Network Forensics and Investigation

UML 2.0 and the Unified Process: Practical Object-Oriented Analysis and Design

Author: Jim Arlow

"This book manages to convey the practical use of UML 2 in clear and understandable terms with many examples and guidelines. Even for people not working with the Unified Process, the book is still of great use. UML 2 and the Unified Process, Second Edition is a must-read for every UML 2 beginner and a helpful guide and reference for the experienced practitioner."


--Roland Leibundgut, Technical Director, Zuehlke Engineering Ltd.


"This book is a good starting point for organizations and individuals who are adopting UP and need to understand how to provide visualization of the different aspects needed to satisfy it."


--Eric Naiburg, Market Manager, Desktop Products, IBM Rational Software


This thoroughly revised edition provides an indispensable and practical guide to the complex process of object-oriented analysis and design using UML 2. It describes how the process of OO analysis and design fits into the software development lifecycle as defined by the Unified Process (UP).


UML 2 and the Unified Process contains a wealth of practical, powerful, and useful techniques that you can apply immediately. As you progress through the text, you will learn OO analysis and design techniques, UML syntax and semantics, and the relevant aspects of the UP. The book provides you with an accurate and succinct summary of both UML and UP from the point of view of the OO analyst and designer.


This book provides

  • Chapter roadmaps, detailed diagrams, and margin notes allowing you to focus on your needs
  • Outline summaries for each chapter, making it ideal for revision, and a comprehensive index that can be used as a reference

New to this edition:

  • Completely revised and updated for UML 2 syntax
  • Easy to understand explanations of the new UML 2 semantics
  • More real-world examples
  • A new section on the Object Constraint Language (OCL)
  • Introductory material on the OMG's Model Driven Architecture (MDA)

The accompanying website provides

  • A complete example of a simple e-commerce system
  • Open source tools for requirements engineering and use case modeling
  • Industrial-strength UML course materials based on the book


Mastering Windows Network Forensics and Investigation

Author: Steve Bunting

This comprehensive guide provides you with the training you need to arm yourself against phishing, bank fraud, unlawful hacking, and other computer crimes. Two seasoned law enforcement professionals discuss everything from recognizing high-tech criminal activity and collecting evidence to presenting it in a way that judges and juries can understand. They cover the range of skills, standards, and step-by-step procedures you’ll need to conduct a criminal investigation in a Windows environment and make your evidence stand up in court.



Table of Contents:
Introduction     xix
Network Investigation Overview     3
  • Performing the Initial Vetting     3
  • Meeting with the Victim Organization     5
  • Understanding the Victim Network Information     6
  • Understanding the Incident Information     7
  • Identifying and Preserving Evidence     8
  • Establishing Expectations and Responsibilities     10
  • Collecting the Evidence     11
  • Analyzing the Evidence     13
  • Analyzing the Suspect's Computers     15
  • Recognizing the Investigative Challenges of Microsoft Networks     18
  • The Bottom Line     19
The Microsoft Network Structure     21
  • Connecting Computers     21
  • Windows Domains     23
  • Interconnecting Domains     25
  • Organizational Units     29
  • Users and Groups     31
  • Types of Accounts     31
  • Groups     34
  • Permissions     37
  • File Permissions     39
  • Share Permissions     42
  • Reconciling Share and File Permissions     43
  • Example Hack     45
  • The Bottom Line     52
Beyond the Windows GUI     55
  • Understanding Programs, Processes, and Threads     56
  • Redirecting Process Flow     59
  • DLL Injection     62
  • Hooking     66
  • Maintaining Order Using Privilege Modes     70
  • Using Rootkits     72
  • The Bottom Line     75
Windows Password Issues     77
  • Understanding Windows Password Storage     77
  • Cracking Windows Passwords Stored on Running Systems     79
  • Exploring Windows Authentication Mechanisms     87
  • LanMan Authentication     88
  • NTLM and Kerberos Authentication     91
  • Sniffing and Cracking Windows Authentication Exchanges     94
  • Cracking Offline Passwords     102
  • The Bottom Line     106
Windows Ports and Services     107
  • Understanding Ports     107
  • Using Ports as Evidence     111
  • Understanding Windows Services     117
  • The Bottom Line     124
Live-Analysis Techniques     129
  • Finding Evidence in Memory     129
  • Creating Windows Live-Analysis CDs     131
  • Selecting Tools for Your Live-Response CD     133
  • Verifying Your CD     139
  • Using Your CD     142
  • Monitoring Communication with the Victim Box     146
  • Scanning the Victim System     149
  • Using Stand-alone Tools for Live-analysis     150
  • Using Commercial Products     150
  • Using EnCase FIM     150
  • Using Free Products     157
  • The Bottom Line     158
Windows File Systems     161
  • File Systems vs. Operating Systems     161
  • Understanding FAT File Systems     164
  • Understanding NTFS File Systems     177
  • Using NTFS Data Structures     178
  • Creating, Deleting, and Recovering Data in NTFS     184
  • Dealing with Alternate Data Streams     187
  • The Bottom Line     191
The Registry Structure     193
  • Understanding Registry Concepts     193
  • Registry History     195
  • Registry Organization and Terminology     195
  • Performing Registry Research     201
  • Viewing the Registry with Forensic Tools     203
  • Using EnCase to View the Registry     204
  • Using AccessData's Registry Viewer     207
  • The Bottom Line     212
Registry Evidence     215
  • Finding Information in the Software Key     216
  • Installed Software     216
  • Last Logon     218
  • Banners     219
  • Exploring Windows Security Center and Firewall Settings     220
  • Analyzing Restore Point Registry Settings     225
  • Exploring Security Identifiers     231
  • Investigating User Activity     234
  • Extracting LSA Secrets     245
  • Discovering IP Addresses     246
  • Compensating for Time Zone Offsets     251
  • Determining the Startup Locations     253
  • The Bottom Line     260
Tool Analysis     263
  • Understanding the Purpose of Tool Analysis     263
  • Exploring Tools and Techniques     267
  • Strings     268
  • Dependency Walker     271
  • Monitoring the Code     273
  • Monitoring the Tool's Network Traffic     282
  • External Port Scans     284
  • The Bottom Line     286
Text-Based Logs     289
  • Parsing IIS Logs     289
  • Parsing FTP Logs     300
  • Parsing DHCP Server Logs     306
  • Parsing Windows Firewall Logs     310
  • Using the Microsoft Log Parser     313
  • The Bottom Line     324
Windows Event Logs     327
  • Understanding the Event Logs     327
  • Exploring Auditing Settings     329
  • Using Event Viewer     334
  • Searching with Event Viewer     347
  • The Bottom Line     351
Logon and Account Logon Events     353
  • Exploring Windows NT Logon Events     353
  • Analyzing Windows 2000 Event Logs     361
  • Comparing Logon and Account Logon Events     361
  • Examining Windows 2000 Logon Events     364
  • Examining Windows 2000 Account Logon Events     366
  • Contrasting Windows 2000 and XP Logging     386
  • Examining Windows Server 2003 Account Logon and Logon Events     393
  • The Bottom Line     397
Other Audit Events     399
  • Evaluating Account Management Events     399
  • Interpreting File and Other Object Access Events     409
  • Examining Audit Policy Change Events     416
  • Examining System Log Entries     417
  • Examining Application Log Entries     422
  • The Bottom Line     423
Forensic Analysis of Event Logs     425
  • Using EnCase to Examine Windows Event Log Files     425
  • Windows Event Log Files Internals     433
  • Repairing Corrupted Event Log Databases     444
  • Finding and Recovering Event Logs from Free Space     446
  • The Bottom Line     453
Presenting the Results     455
  • Creating a Narrative Report with Hyperlinks     455
  • The Electronic Report Files     462
  • Timelines     463
  • Testifying About Technical Matters     466
  • The Bottom Line     467
The Bottom Line     469
  • Network Investigation Overview     469
  • The Microsoft Network Structure     471
  • Beyond the Windows GUI     472
  • Windows Password Issues     474
  • Windows Ports and Services     475
  • Live Analysis Techniques     477
  • Windows File Systems     478
  • The Registry Structure     480
  • Registry Evidence     482
  • Tool Analysis     486
  • Text-Based Logs     488
  • Windows Event Logs     492
  • Logon and Account Logon Events     493
  • Other Audit Events     495
  • Forensic Analysis of Event Logs     496
  • Presenting The Results     498
Index     501
