
Forensic Discovery
Dan Farmer, Wietse Venema - Series: Professional computing
Summary
The Definitive Guide to Computer Forensics: Theory and Hands-On Practice
Computer forensics--the art and science of gathering and analyzing digital evidence, reconstructing data and attacks, and tracking perpetrators--is becoming ever more important as IT and law enforcement professionals face an epidemic in computer crime. In Forensic Discovery, two internationally recognized experts present a thorough and realistic guide to the subject.
The authors draw on their extensive firsthand experience to cover everything from file systems, to memory and kernel hacks, to malware. They expose a wide variety of computer forensics myths that often stand in the way of success. Readers will find extensive examples from Solaris, FreeBSD, Linux, and Microsoft Windows, as well as practical guidance for writing one's own forensic tools. The authors are singularly well-qualified to write this book: They personally created some of the most popular security tools ever written, from the legendary SATAN network scanner to the powerful Coroner's Toolkit for analyzing UNIX break-ins.
After reading this book you will be able to
- Understand essential forensics concepts: volatility, layering, and trust
- Gather the maximum amount of reliable evidence from a running system
- Recover partially destroyed information--and make sense of it
- Timeline your system: understand what really happened when
- Uncover secret changes to everything from system utilities to kernel modules
- Avoid cover-ups and evidence traps set by intruders
- Identify the digital footprints associated with suspicious activity
- Understand file systems from a forensic analyst's point of view
- Analyze malware--without giving it a chance to escape
- Capture and examine the contents of main memory on running systems
- Walk through the unraveling of an intrusion, one step at a time
The book's companion Web site contains complete source and binary code for open source software discussed in the book, plus additional computer forensics case studies and resource links.
About the author - Dan Farmer
Dan Farmer is author of a variety of security programs and papers. He is currently chief technical officer of Elemental Security, a computer security software company. Together, he and Wietse Venema have written many of the world's leading information security and forensics packages, including the SATAN network security scanner and the Coroner's Toolkit.
About the author - Wietse Venema
Wietse Venema has written some of the world's most widely used software, including TCP Wrapper and the Postfix mail system. He is currently a research staff member at IBM Research. Together, he and Dan Farmer have written many of the world's leading information security and forensics packages, including the SATAN network security scanner and the Coroner's Toolkit.
Table of contents
- Basic Concepts
- The Spirit of Forensic Discovery
- Time Machines
- Exploring System Abstractions
- File System Basics
- File System Analysis
- Systems and Subversion
- Malware Analysis Basics
- Beyond The Abstractions
- The Persistence of Deleted File Information
- Beyond Processes
- Appendix A: The Coroner's Toolkit and Related Software
- Appendix B: Data Gathering and the Order of Volatility
Technical specifications
PAPER | |
Publisher(s) | Addison Wesley |
Author(s) | Dan Farmer, Wietse Venema |
Series | Professional computing |
Publication date | 01/02/2005 |
Number of pages | 216 |
Format | 18 x 24 |
Cover | Hardcover |
Weight | 654g |
Interior | Black and white |
EAN13 | 9780201634976 |
ISBN13 | 978-0-201-63497-6 |