Excerpts from the Preface:
The premise of the book is that forensic information can be found everywhere you look. With this guiding principle in mind, we develop tools to collect information from obvious and not so obvious sources, we walk through analyses of real intrusions in detail, and we discuss the limitations of our approach.
Although we illustrate our approach with specific forensic tools in specific system environments, we do not provide cookbooks for how to use those tools, nor do we provide checklists for step-by-step investigation. Instead, we provide a background on how information persists, how information about past events may be recovered, and how trustworthiness of that information may be affected by deliberate or accidental processes.
In our case studies and examples we deviate from traditional computer forensics and head towards the study of system dynamics. Volatility and persistence of file systems and memory are pervasive topics in our book. And while the majority of our examples are from Solaris, FreeBSD and Linux systems, Microsoft's Windows shows up on occasion as well. Our emphasis is on the underlying principles that these systems have in common: we look for inherent properties of computer systems, rather than accidental differences or superficial features.
Our global themes are problem solving, analysis and discovery, with a focus on reconstruction of past events. This may help you to discover why events transpired, but that is generally outside the scope of this work. Knowing what happened will leave you better prepared the next time something bad is about to happen, even when it is not sufficient to prevent future problems. We should note up-front, however, that we do not cover the detection or prevention of intrusions. We do show that traces from one intrusion can lead to the discovery of other intrusions, and we point out how forensic information may be affected by system protection mechanisms, and by their failures.
Intended audience:
The target audience of the book is anyone who wants to deepen their understanding of how computer systems work, as well as anyone who is likely to become involved with the technical aspects of computer intrusion or system analysis. These are not only system administrators, incident responders, other computer security professionals, or forensic analysts, but also anyone who is concerned about the impact of computer forensics on privacy.
While we have worked hard to make the material accessible to non-expert readers, we definitely do not target the novice computer user. As a minimal requirement, we assume strong familiarity with the basic concepts of UNIX or Windows file systems, networking, and processes.
Reviews:
Amazon.com
:) "Definitely a good start at file system analysis, specifically on Unix machines. But you will definitely be left wanting more of the same."
:) "Forensic Discovery unearths hidden treasures in enlightening and entertaining ways, showing how a time-centric approach to computer forensics reveals even the cleverest intruder. I highly recommend reading this book."