Sorry, this item is not available in
Image not available for
Color:
Image not available

To view this video download Flash Player

 


or
Sign in to turn on 1-Click ordering
More Buying Choices
Have one to sell? Sell yours here
Tell the Publisher!
I'd like to read this book on Kindle

Don't have a Kindle? Get your Kindle here, or download a FREE Kindle Reading App.

Forensic Discovery (paperback) [Paperback]

Dan Farmer , Wietse Venema
4.7 out of 5 stars  See all reviews (16 customer reviews)

List Price: $54.99
Price: $44.94 & FREE Shipping. Details
You Save: $10.05 (18%)
o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o
Only 2 left in stock (more on the way).
Ships from and sold by Amazon.com. Gift-wrap available.
Want it Friday, July 11? Choose One-Day Shipping at checkout. Details
Free Two-Day Shipping for College Students with Amazon Student

Formats

Amazon Price New from Used from
Hardcover --  
Paperback $44.94  
Shop the new tech.book(store)
New! Introducing the tech.book(store), a hub for Software Developers and Architects, Networking Administrators, TPMs, and other technology professionals to find highly-rated and highly-relevant career resources. Shop books on programming and big data, or read this week's blog posts by authors and thought-leaders in the tech industry. > Shop now

Book Description

January 9, 2005 0321703251 978-0321703255 1

"Don't look now, but your fingerprints are all over the cover of this book. Simply picking it up off the shelf to read the cover has left a trail of evidence that you were here.

    "If you think book covers are bad, computers are worse. Every time you use a computer, you leave elephant-sized tracks all over it. As Dan and Wietse show, even people trying to be sneaky leave evidence all over, sometimes in surprising places.

    "This book is about computer archeology. It's about finding out what might have been based on what is left behind. So pick up a tool and dig in. There's plenty to learn from these masters of computer security."
   --Gary McGraw, Ph.D., CTO, Cigital, coauthor of Exploiting Software and Building Secure Software

"A wonderful book. Beyond its obvious uses, it also teaches a great deal about operating system internals."
   --Steve Bellovin, coauthor of Firewalls and Internet Security, Second Edition, and Columbia University professor

"A must-have reference book for anyone doing computer forensics. Dan and Wietse have done an excellent job of taking the guesswork out of a difficult topic."
   --Brad Powell, chief security architect, Sun Microsystems, Inc.

"Farmer and Venema provide the essential guide to 'fossil' data. Not only do they clearly describe what you can find during a forensic investigation, they also provide research found nowhere else about how long data remains on disk and in memory. If you ever expect to look at an exploited system, I highly recommend reading this book."
   --Rik Farrow, Consultant, author of Internet Security for Home and Office

"Farmer and Venema do for digital archaeology what Indiana Jones did for historical archaeology. Forensic Discovery unearths hidden treasures in enlightening and entertaining ways, showing how a time-centric approach to computer forensics reveals even the cleverest intruder."
   --Richard Bejtlich, technical director, ManTech CFIA, and author of The Tao of Network Security Monitoring

"Farmer and Venema are 'hackers' of the old school: They delight in understanding computers at every level and finding new ways to apply existing information and tools to the solution of complex problems."
   --Muffy Barkocy, Senior Web Developer, Shopping.com

"This book presents digital forensics from a unique perspective because it examines the systems that create digital evidence in addition to the techniques used to find it. I would recommend this book to anyone interested in learning more about digital evidence from UNIX systems."
   --Brian Carrier, digital forensics researcher, and author of File System Forensic Analysis

The Definitive Guide to Computer Forensics: Theory and Hands-On Practice

Computer forensics--the art and science of gathering and analyzing digital evidence, reconstructing data and attacks, and tracking perpetrators--is becoming ever more important as IT and law enforcement professionals face an epidemic in computer crime. In Forensic Discovery, two internationally recognized experts present a thorough and realistic guide to the subject.

Dan Farmer and Wietse Venema cover both theory and hands-on practice, introducing a powerful approach that can often recover evidence considered lost forever.

The authors draw on their extensive firsthand experience to cover everything from file systems, to memory and kernel hacks, to malware. They expose a wide variety of computer forensics myths that often stand in the way of success. Readers will find extensive examples from Solaris, FreeBSD, Linux, and Microsoft Windows, as well as practical guidance for writing one's own forensic tools. The authors are singularly well-qualified to write this book: They personally created some of the most popular security tools ever written, from the legendary SATAN network scanner to the powerful Coroner's Toolkit for analyzing UNIX break-ins.

After reading this book you will be able to

  • Understand essential forensics concepts: volatility, layering, and trust
  • Gather the maximum amount of reliable evidence from a running system
  • Recover partially destroyed information--and make sense of it
  • Timeline your system: understand what really happened when
  • Uncover secret changes to everything from system utilities to kernel modules
  • Avoid cover-ups and evidence traps set by intruders
  • Identify the digital footprints associated with suspicious activity
  • Understand file systems from a forensic analyst's point of view
  • Analyze malware--without giving it a chance to escape
  • Capture and examine the contents of main memory on running systems
  • Walk through the unraveling of an intrusion, one step at a time

The book's companion Web site contains complete source and binary code for open source software discussed in the book, plus additional computer forensics case studies and resource links.


Frequently Bought Together

Forensic Discovery (paperback) + Computer Forensics: Principles and Practices
Price for both: $154.46

Buy the selected items together


Editorial Reviews

From the Back Cover

"Don't look now, but your fingerprints are all over the cover of this book. Simply picking it up off the shelf to read the cover has left a trail of evidence that you were here.

    "If you think book covers are bad, computers are worse. Every time you use a computer, you leave elephant-sized tracks all over it. As Dan and Wietse show, even people trying to be sneaky leave evidence all over, sometimes in surprising places.

    "This book is about computer archeology. It's about finding out what might have been based on what is left behind. So pick up a tool and dig in. There's plenty to learn from these masters of computer security."
   --Gary McGraw, Ph.D., CTO, Cigital, coauthor of Exploiting Software and Building Secure Software

"A wonderful book. Beyond its obvious uses, it also teaches a great deal about operating system internals."
   --Steve Bellovin, coauthor of Firewalls and Internet Security, Second Edition, and Columbia University professor

"A must-have reference book for anyone doing computer forensics. Dan and Wietse have done an excellent job of taking the guesswork out of a difficult topic."
   --Brad Powell, chief security architect, Sun Microsystems, Inc.

"Farmer and Venema provide the essential guide to 'fossil' data. Not only do they clearly describe what you can find during a forensic investigation, they also provide research found nowhere else about how long data remains on disk and in memory. If you ever expect to look at an exploited system, I highly recommend reading this book."
   --Rik Farrow, Consultant, author of Internet Security for Home and Office

"Farmer and Venema do for digital archaeology what Indiana Jones did for historical archaeology. Forensic Discovery unearths hidden treasures in enlightening and entertaining ways, showing how a time-centric approach to computer forensics reveals even the cleverest intruder."
   --Richard Bejtlich, technical director, ManTech CFIA, and author of The Tao of Network Security Monitoring

"Farmer and Venema are 'hackers' of the old school: They delight in understanding computers at every level and finding new ways to apply existing information and tools to the solution of complex problems."
   --Muffy Barkocy, Senior Web Developer, Shopping.com

"This book presents digital forensics from a unique perspective because it examines the systems that create digital evidence in addition to the techniques used to find it. I would recommend this book to anyone interested in learning more about digital evidence from UNIX systems."
   --Brian Carrier, digital forensics researcher, and author of File System Forensic Analysis

The Definitive Guide to Computer Forensics: Theory and Hands-On Practice

Computer forensics--the art and science of gathering and analyzing digital evidence, reconstructing data and attacks, and tracking perpetrators--is becoming ever more important as IT and law enforcement professionals face an epidemic in computer crime. In Forensic Discovery, two internationally recognized experts present a thorough and realistic guide to the subject.

Dan Farmer and Wietse Venema cover both theory and hands-on practice, introducing a powerful approach that can often recover evidence considered lost forever.

The authors draw on their extensive firsthand experience to cover everything from file systems, to memory and kernel hacks, to malware. They expose a wide variety of computer forensics myths that often stand in the way of success. Readers will find extensive examples from Solaris, FreeBSD, Linux, and Microsoft Windows, as well as practical guidance for writing one's own forensic tools. The authors are singularly well-qualified to write this book: They personally created some of the most popular security tools ever written, from the legendary SATAN network scanner to the powerful Coroner's Toolkit for analyzing UNIX break-ins.

After reading this book you will be able to

  • Understand essential forensics concepts: volatility, layering, and trust
  • Gather the maximum amount of reliable evidence from a running system
  • Recover partially destroyed information--and make sense of it
  • Timeline your system: understand what really happened when
  • Uncover secret changes to everything from system utilities to kernel modules
  • Avoid cover-ups and evidence traps set by intruders
  • Identify the digital footprints associated with suspicious activity
  • Understand file systems from a forensic analyst's point of view
  • Analyze malware--without giving it a chance to escape
  • Capture and examine the contents of main memory on running systems
  • Walk through the unraveling of an intrusion, one step at a time

The book's companion Web site contains complete source and binary code for open source software discussed in the book, plus additional computer forensics case studies and resource links.

About the Author

Dan Farmer is author of a variety of security programs and papers. He is currently chief technical officer of Elemental Security, a computer security software company. Together he and Wietse Venema, have written many of the world's leading information security and forensics packages, including the SATAN network security scanner and the Coroner's Toolkit.

Wietse Venema has written some of the world's most widely used software, including TCP Wrapper and the Postfix mail system. He is currently a research staff member at IBM Research. Together, he and Dan Farmer have written many of the world's leading information security and forensics packages, including the SATAN network security scanner and the Coroner's Toolkit.


Product Details

  • Paperback: 217 pages
  • Publisher: Addison-Wesley Professional; 1 edition (January 9, 2005)
  • Language: English
  • ISBN-10: 0321703251
  • ISBN-13: 978-0321703255
  • Product Dimensions: 9.1 x 7.1 x 0.8 inches
  • Shipping Weight: 13.6 ounces (View shipping rates and policies)
  • Average Customer Review: 4.7 out of 5 stars  See all reviews (16 customer reviews)
  • Amazon Best Sellers Rank: #2,169,701 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews
22 of 23 people found the following review helpful
4.0 out of 5 stars Brief but intense January 24, 2005
Format:Hardcover
They say it's good to leave your audience wanting more, but I'm not sure how correct that is with tech books. In this case I am definitely wanting more. About a third of the book is on basic operating system introductory material. The rest of the book starts to get in-depth on file system analysis, hacker trapping, and some basic data analysis. But then it ends. And I wanted more.

Definitely a good start at file system analysis, specifically on Unix machines. But you will definitely be left wanting more of the same.
Comment | 
Was this review helpful to you?
13 of 13 people found the following review helpful
5.0 out of 5 stars Small on size, but big on detail March 11, 2005
Format:Hardcover
This book is small, but it is packed with information. The book is easy to read. I learned a thing or two myself about UNIX filesystems regarding forensics. Every serious security practioner should read this book.
Comment | 
Was this review helpful to you?
12 of 12 people found the following review helpful
5.0 out of 5 stars Great Information from Two Network Security Legends April 11, 2005
Format:Hardcover
I have learned a lot from other computer forensics books such as Harlan Carvey's Windows Forensics and Incident Recovery or Kevin Mandia and Chris Prosise's Incident Response and Computer Forensics - 2nd Edition, but this one has a slightly different approach and conveys a lot of good, detailed information in a relatively concise book.

The book is aimed at readers who wish to gain a deeper understanding of how computer systems work, particularly system administrators or those who may actually be tasked with performing a forensic investigation. The book does assume some level of computer knowledge such as the basic concepts of networking, system processes or file systems and is not intended for pure novices.

Farmer and Venema focus a fair amount of attention on the concept of time and how to use it in a forensic investigation. They also highlight a sort of order of operations for how to proceed to try and ensure you retrieve volatile data before it disappears.

Computer forensics is an area of network and computer security that I am particularly interested in. This is an excellent book which I highly recommend. It is well-written and very educational, but it is also a fairly quick read.

[...]
Comment | 
Was this review helpful to you?
11 of 11 people found the following review helpful
5.0 out of 5 stars Superb forensics book on evidence discovery April 19, 2005
Format:Hardcover
I enjoyed the book ("Forensic Discovery") since it came when I was preparing for my SANS forensics certification (GCFA). Obviously, the "household" names on the cover caught my attention as well. I used TCT and other tools created by the authors and thus my expectations for the book were pretty high. It did deliver! I picked up a whole lot of tidbits on file system forensics as well as malware and compromised system investigation. Unlike some other volumes, this book does not seek to be comprehensive; instead, it focuses on the fun things and focuses on them well.

In particular, I liked authors' ideas and tips on the OOV (order of volatility) of evidence. While not new, they are extremely well-presented in the book. Other highly useful sections were the ones on time stamps and their analysis and file deletion analysis (with thorough persistence of deleted file analysis). I did not like the sections on malware analysis that much, likely because some other book go way more in-depth then this one (like, for example recent Szor's book on viruses).

The book mostly covers Unix, Windows is also mentioned a couple of times.

Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA is a Security Strategist with a major security company. He is an author of the book "Security Warrior" and a contributor to "Know Your Enemy II". In his spare time, he maintains his security portal info-secure.org
Comment | 
Was this review helpful to you?
9 of 10 people found the following review helpful
5.0 out of 5 stars Forensic Discovery is a great resource July 3, 2005
Format:Hardcover
I read forensic discovery last week on the plane home from San Francisco. After a few chapters I was hooked and could barely put it down to eat. This book is absolutely recommended for anyone at all interested in security concepts as well as system administrators or anyone who would need to understand the way that information exists and persists on computer systems.
Comment | 
Was this review helpful to you?
14 of 17 people found the following review helpful
5.0 out of 5 stars A focused look at digital forensics by two pioneers January 31, 2005
Format:Hardcover
Farmer and Venema do for digital archaeology what Indiana Jones did for historical archaeology. 'Forensic Discovery' unearths hidden treasures in enlightening and entertaining ways, showing how a time-centric approach to computer forensics reveals even the cleverest intruder. I highly recommend reading this book.

I appreciate books that don't rehash previously published material. Plenty of authors have written books with the word 'forensics' in the title, and many impart little or no useful or original information. (Exceptions include this book, along with Mandia and Prosise's 'Incident Response and Computer Forensics, 2nd Ed' and Jones' 'Real Digital Forensics,' forthcoming.) While 'Forensic Discovery' discusses concepts familiar to kernel developers or others with low-level operating system knowledge, the book is useful because it places such details in the concept of a security investigation.

'Forensic Discovery' is exactly the sort of forensic book I enjoy, because it is primarily concerned with intrusions. Broadly speaking, there are two types of 'forensic investigators:' those that know how to image a hard drive and search for pornography, and those that know how to respond to and investigate an intrusion. Farmer and Venema are clearly in the second category, and their examples focus on intrusion scenarios rather than workplace misuse of the Internet. Their statement regarding the conservative approach advocated by the US DoJ on p. 195 makes their stance clear.

Chapters 6 and 8 were two of my favorites. Ch 6 discusses virtual machines, system call and library monitoring, and debugging. The authors also show the relationship between disassembled code and decompiled C source code. Ch 8 offers a solid introduction to virtual memory managers.
Read more ›
Comment | 
Was this review helpful to you?
Most Recent Customer Reviews
4.0 out of 5 stars Information Overload
I made the mistake of reading this as my very first digital forensics book and I was admittedly quite overwhelmed. Read more
Published 12 months ago by Evan Dingman
5.0 out of 5 stars Where is part 2??
This book will definitely leave you wanting more. This is very informative for those who like criminal justice and/or computers. Read more
Published on July 23, 2008 by Angeli's Mom
5.0 out of 5 stars A Neophyte's Perspective
While I'm not a computer security specialist, by any means, nor do I even
have a lot of in depth knowledge regarding computers in general, I was
surprised at how much I... Read more
Published on June 26, 2007 by J. London
4.0 out of 5 stars Nice look at Unix forensics!
I must admit that some parts of this book are "over my head". However, this book packs quite a punch with much insight into forensics and explanations that are detailed and... Read more
Published on September 1, 2006 by Mark Nenadov
5.0 out of 5 stars More informative than books twice its size
This book is full of information on every single step involved in forensic incident response. I've had articles published on this same topic, and found this book informative above... Read more
Published on May 16, 2005 by Marisa Mack
4.0 out of 5 stars A fresh perspective on computer forensics
I've been doing computer security for a good many years at this point, but I've never been much of a forensics person. Read more
Published on February 22, 2005 by James Rogers
5.0 out of 5 stars Amazine Book
You hear on the news once in a while about what the authorities have found on a computer system owned by the bad guys. Read more
Published on February 16, 2005 by John Matlock
4.0 out of 5 stars Hard-core information for the security specialist...
Security professionals who find themselves trying to piece together an attack will find a lot of value in the book Forensic Discovery by Dan Farmer and Wietse Venema... Read more
Published on February 1, 2005 by Thomas Duff
Search Customer Reviews
Search these reviews only

What Other Items Do Customers Buy After Viewing This Item?


Sell a Digital Version of This Book in the Kindle Store

If you are a publisher or author and hold the digital rights to a book, you can sell a digital version of it in our Kindle Store. Learn more

Forums

There are no discussions about this product yet.
Be the first to discuss this product with the community.
Start a new discussion
Topic:
First post:
Prompts for sign-in
 



Look for Similar Items by Category