- Shopping Bag ( 0 items )
From Barnes & NobleThe Barnes & Noble Review
Think of it as CSI: Unix, Linux, and Windows. The creators of the legendary SATAN and Coroner’s Toolkit security packages have written the definitive guide to forensics problem solving, analysis, and discovery.
Forensic data can be found everywhere you look -- if you know how. So Dan Farmer and Wietse Venema systematically explain how information and traces of past events persist, and how to recover and assess them.
You’ll learn how computer architecture impacts your analysis; then master the crucial concept of timelining: drawing on host- and network-based information to understand what happened when. (The authors present a case study intrusion that lasted a full year.)
Farmer and Venema systematically demonstrate how to examine file systems and evaluate the trustworthiness of the data you capture. You’ll learn how to identify subversions of user processes and operating systems -- from simple changes to malicious kernel modules. There’s a chapter on uncovering the hidden purpose of malware. You’ll even learn how to discover clues in RAM (for example, decrypted contents of encrypted files).
This book is about the spirit and thinking involved in successful forensic analysis. It’s not a “cookbook.” But there are more than enough specific techniques and tools coverage to make you effective in real-world investigations. There are plenty of examples, too: from Solaris, FreeBSD, Linux, occasionally Windows. Strikingly, however, the underlying principles remain constant regardless of environment. And whether you’re a sysadmin or law enforcement professional, you need to know them. Bill Camarda, from the February 2005 Read Only