Some of the topics I've been tossing around include:
- Log analysis - This includes Event Logs, primarily, but will also include IIS, PortReporter, etc.
- Registry Mining - Mining for "gold" in the Registry; this is extremely useful for both "live" analysis (admins can do so remotely with simple tools, or during incident response), as well as during forensic analysis of imaged drives.
- Malware Analysis for the Administrator - A detailed look at how to go about figuring out what that suspicious file does, with walk-throughs, caveats, gotchas, etc.
In this book, I would include more detailed walk-throughs, more case studies, more code and examples, etc.
How does this sound? What other topics could/should I address (keeping in mind that this is Windows-specific)? What are some of the topics of interest, the kinds of things that keep you awake at night, that scare the bejebbers out of you? Drop me a comment here, or email me...