 | | |
| UNIX and Linux Forensic Analysis DVD Toolkit | 
| Authors: Chris Pogue, Cory Altheide, Todd Haverkos
Publisher: Syngress
Category: Book
List Price: $59.95
Buy New: $41.96
You Save: $17.99 (30%)
Buy New/Used from $41.96
Avg. Customer Rating:  (2 reviews)
Sales Rank: 134750
Media: Paperback
Edition: Pap/DVD
Number Of Items: 1
Pages: 448
Shipping Weight (lbs): 1.2
Dimensions (in): 9.1 x 7.4 x 0.4
ISBN: 1597492698
Dewey Decimal Number: 005
EAN: 9781597492690
ASIN: 1597492698
Publication Date: June 23, 2008
Shipping: Eligible for Super Saver Shipping
Availability: Usually ships in 24 hours
|
| Editorial Reviews:
Product Description
This book addresses topics in the area of forensic analysis of systems running on variants of the UNIX operating system, which is the choice of hackers for their attack platforms. According to a 2007 IDC report, UNIX servers account for the second-largest segment of spending (behind Windows) in the worldwide server market with $4.2 billion in 2Q07, representing 31.7% of corporate server spending. UNIX systems have not been analyzed to any significant depth largely due to a lack of understanding on the part of the investigator, an understanding and knowledge base that has been achieved by the attacker. The companion DVD provides a simulated or "live" UNIX environment where readers can test the skills they've learned in the book and use custom tools developed by the authors.
The book begins with a chapter to describe why and how the book was written, and for whom, and then immediately begins addressing the issues of live response (volatile) data collection and analysis. The book continues by addressing issues of collecting and analyzing the contents of physical memory (i.e., RAM). The following chapters address /proc analysis, revealing the wealth of significant evidence, and analysis of files created by or on UNIX systems. Then the book addresses the underground world of UNIX hacking and reveals methods and techniques used by hackers, malware coders, and anti-forensic developers. The book then illustrates to the investigator how to analyze these files and extract the information they need to perform a comprehensive forensic analysis. The final chapter includes a detailed discussion of Loadable Kernel Modules and Malware. The companion DVD provides a simulated or "live" UNIX environment where readers can test the skills they've learned in the book and use custom tools developed by the authors.
Throughout the book the author provides a wealth of unique information, providing tools, techniques and information that won't be found anywhere else. Not only are the tools provided, but the author also provides sample files so that after completing a detailed walk-through, the reader can immediately practice the new-found skills.
* The companion DVD for the book contains significant, unique materials (movies, spreadsheet, code, etc.) not available any place else.
* This book contains information about UNIX forensic analysis that is not available anywhere else. Much of the information is a result of the author?s own unique research and work.
* The authors have the combined experience of Law Enforcement, Military, and Corporate forensics. This unique perspective makes this book attractive to ALL forensic investigators.
|
| Customer Reviews:
Very informative style of delivery in Forensic World August 10, 2008
The authors initiate a very interesting subject, with very easy informative style of delivery. Looking forward of going through more advanced material by the authors with such valuable information.
Excellent introduction to Linux forensics, ideal for those starting out or Windows centric examiner who is curious about Linux August 7, 2008
The first few chapters leads the reader gently into appreciating the differences between Windows and *nix based nomenclature. There are a number of practical tools covered which would assist any Windows investigator to perform post forensic analysis. The tools needed to get the job done on *nix boxes are covered more than adequately. Chapter 4 introduces the reader to some practical advice on triage and live data analysis, there are some useful practical exercises using search techniques and the author shares his experience offering some good practical advice on narrowing the search to relevant areas of investigation. Chapter 5 provides some of the best examples I have seen of the "top 10 hacking" tools covered. This should inspire any reader to appreciate how best to investigate against such "tools". This chapter inspires the reader to conduct their own research in a laboratory environment with just enough of a sweetener provided in the examples to encourage them to do so. Chapter 6 takes the reader on an insightful tour of the /proc filesystem highlighting some of the key areas an investigator needs to know in terms of live analysis and key areas for volatile data capture. There's small additional section on the sysfs which covers additional areas of interest relevant to the investigator. Included in this chapter is an insightful walkthru of an investigation further re-enforcing the ideas presented by the author. Chapter 7 guides the reader through the filesystem, highlighting key areas such as configuration files. The author also provides the reader with some inventive techniques for investigation. Although a short chapter it concisely provides enough detail to assist the reader in their investigations. Chapter 8 contains detailed instructions on the use and installation of anti-virus/malware software with a good overview provided by the author of Linux file permissions/security. The final appendix is a worthy addition providing a good overview of auditing and logging not just on *nix but includes, Windows, firewalls, router, IDS and IPS systems. It provides a complementary addition to the literature.
Summary.
The author has sought to introduce the reader to a very wide subject area, which considering the diversity of Unices is a brave and audacious move. It is quite amazing how much the author has managed to cover and condense into only 8 chapters and an appendix. The authors clearly have a vast amount of forensic experience especially with regard to incident response, providing practical and sound advice to the reader. There are a number of other sources hinted at by the authors which shows thorough research benefiting this literature and ultimately the reader. This book provides the reader with a perfect introduction to UNIX and Linux Forensic Analysis, additional it should also benefit forensic investigators from the Windows centric world in grasping some of the power available with Linux and Open Source tools. This should allow the reader to complement their own arsenal of investigation tools and techniques with a complementary set of Linux forensic CDs and methodology. This is a book I would heartily recommend to experienced computer forensic examiners and those starting out. Especially to those investigators more used to the Windows environment. The book is clearly an introduction and hints at more to come. I very much look forward to reading more material from the authors covering more advanced topics in their next book. The final paragraph of the synopsis clearly says it all.
|
|
|
Powered by: Dknc, inc. and Amazon.com | | 
For your safety and security, orders are processed through amazon.com
|
|
|
|