Real Digital Forensics: Computer Security and Incident Responseby Keith J. Jones, Richard Bejtlich, Curtis W. Rose
Pub. Date: 09/16/2005
You can't succeed in the field of computer forensics without hands-on practiceand you can't get hands-on practice without real forensic data. The solution: Real Digital Forensics. In this book, a team of world-class computer forensics experts walks you through six detailed, highly realistic investigations and provides a DVD with all the data you
You can't succeed in the field of computer forensics without hands-on practiceand you can't get hands-on practice without real forensic data. The solution: Real Digital Forensics. In this book, a team of world-class computer forensics experts walks you through six detailed, highly realistic investigations and provides a DVD with all the data you need to follow along and practice.
From binary memory dumps to log files, this DVD's intrusion data was generated by attacking live systems using the same tools and methods real-world attackers use. The evidence was then captured and analyzed using the same tools the authors employ in their own investigations. This book relies heavily on open source tools, so you can perform virtually every task without investing in any commercial software.
You'll investigate environments ranging from financial institutions to software companies and crimes ranging from intellectual property theft to SEC violations. As you move step by step through each investigation, you'll discover practical techniques for overcoming the challenges forensics professionals face most often.
Inside, you will find in-depth information on the following areas:
- Responding to live incidents in both Windows and Unix environments
- Determining whether an attack has actually occurred
- Assembling a toolkit you can take to the scene of a computer-related crime
- Analyzing volatile data, nonvolatile data, and files of unknown origin
- Safely performing and documenting forensic duplications
- Collecting and analyzing network-based evidence in Windows and Unix environments
- Reconstructing Web browsing, e-mail activity, and Windows Registry changes
- Tracing domain name ownership and the source of e-mails
- Duplicating and analyzing the contents of PDAs and flash memory devices
The accompanying DVD contains several gigabytes of compressed data generated from actual intrusions. This data mirrors what analysts might find in real investigations and allows the reader to learn about forensic investigations in a realisticsetting.
- Publication date:
- Edition description:
- Sales rank:
- Product dimensions:
- 6.90(w) x 9.00(h) x 1.50(d)
Table of Contents
About the Authors.
I. LIVE INCIDENT RESPONSE.
1. Windows Live Response.
2. Unix Live Response.
II. NETWORK-BASED FORENSICS.
3. Collecting Network-Based Evidence.
4. Analyzing Network-Based Evidence for a Windows Intrusion.
5. Analyzing Network-Based Evidence for a Unix Intrusion.
III. ACQUIRING A FORENSIC DUPLICATION.
6. Before You Jump Right In…
7. Commercial-Based Forensic Duplications.
8. Noncommercial-Based Forensic Duplications.
IV. FORENSIC ANALYSIS TECHNIQUES.
9. Common Forensic Analysis Techniques.
10. Web Browsing Activity Reconstruction.
11. E-Mail Activity Reconstruction.
12. Microsoft Windows Registry Reconstruction.
13. Forensic Tool Analysis: An Introduction to Using Linux for Analyzing Files of Unknown Origin.
14. Forensic Tool Analysis: A Hands-On Analysis of the Linux File aio.
15. Forensic Tool Analysis: Analyzing Files of Unknown Origin (Windows).
V. CREATING A COMPLETE FORENSIC TOOL KIT.
16. Building the Ultimate Response CD.
17. Making Your CD-ROM a Bootable Environment.
VI. MOBILE DEVICE FORENSICS.
18. Forensic Duplication and Analysis of Personal Digital Assistants.
19. Forensic Duplication of USB and Compact Flash Memory Devices.
20. Forensic Analysis of USB and Compact Flash Memory Devices.
VII. ONELINE-BASED FORENSCIS.
21. Tracing E-Mail.
22. Domain Name Ownership.
Appendix: An Introduction to Perl.
and post it to your social network
Most Helpful Customer Reviews
See all customer reviews >
There have been several authoritative books on computer forensics. (Including 'Tao of Network Security Monitoring' by Bejtlich.) But this 'Real Digital Forensics' book breaks new ground. Not in the theoretical modelling of an attack or countermeasures against it. Instead, there are several indepth case studies, that key off data given in the book's DVD. And the latter is a DVD, not a CD. The authors needed the multigigabyte capacity to store the provided data. Even then, these are compressed. This should give you some feeling of the book's emphasis. The authors address a serious lack in this field. How does someone [you] gain experience analysing a real attack? Without already being employed at a company experiencing such an event? In response, the authors made several scenarios that, they claim, reflect what actual attackers would likely have done. This is an experimental book. There is no overarching elegant theory. You are meant to roll up your sleeves and tackle each case. En route, the book shows how, as a defender, you can use several open source packages to dissect the attack, as well as impose countermeasures. Which is another nice feature. Those packages are free. It makes your forensics education very cheap, in terms of explicit capital outlay. Which is not to say that the book ignores commercial forensic tools. But the authors have a clear preference for open source, with which you might well concur.