|Book Name:||Forensic Discovery|
Computer forensics – the art and science of gathering and analyzing digital evidence, reconstructing data and attacks, and tracking perpetrators – is becoming ever more important as IT and law enforcement professionals face an epidemic in computer crime. In Forensic Discovery, two internationally recognized experts present a thorough and realistic guide to the subject.
This book covers both theory and hands-on practice of computer forensics, introducing a powerful approach that can often recover evidence considered lost forever.
The authors draw on their extensive firsthand experience to cover everything from file systems, to memory and kernel hacks, to malware. They expose a wide variety of computer forensics myths that often stand in the way of success. Readers will find extensive examples from Solaris, FreeBSD, Linux, and Microsoft Windows, as well as practical guidance for writing one’s own forensic tools.
The authors are singularly well-qualified to write this book: They personally created some of the most popular security tools ever written, from the legendary SATAN network scanner to the powerful Coroner’s Toolkit for analyzing UNIX break-ins.
About the Authors
Dan Farmer is an American computer security researcher and programmer who was a pioneer in the development of vulnerability scanners for Unix operating systems and computer networks.
Wietse Venem is a Dutch programmer and physicist best known for writing the Postfix email system. He also wrote TCP Wrapper and collaborated with Dan Farmer to produce the computer security tools SATAN and The Coroner’s Toolkit.
Table of Contents
Introduction to Part 1
Chapter 1 – The spirit of forensic discovery
Chapter 2 – Time Machines
Introduction to Part 2
Chapter 3 – File system basics
Chapter 4 – File system analysis
Chapter 5 – Systems and subversion
Chapter 6 – Malware analysis basics
Introduction to Part 3
Chapter 7 – Persistence of deleted file information
Chapter 8 – Beyond Processes
Forensic Discovery PDF