Buy New
$44.94
Qty:1
  • List Price: $54.99
  • Save: $10.05 (18%)
Only 1 left in stock (more on the way).
Ships from and sold by Amazon.com.
Gift-wrap available.
Forensic Discovery (paper... has been added to your Cart
Trade in your item
Get a $3.48
Gift Card.
Have one to sell? Sell on Amazon
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See this image

Forensic Discovery (paperback) Paperback – January 9, 2005

ISBN-13: 978-0321703255 ISBN-10: 0321703251 Edition: 1st

Buy New
Price: $44.94
13 New from $40.33 10 Used from $40.10
Amazon Price New from Used from
Paperback
"Please retry"
$44.94
$40.33 $40.10
Free%20Two-Day%20Shipping%20for%20College%20Students%20with%20Amazon%20Student

$44.94 FREE Shipping. Only 1 left in stock (more on the way). Ships from and sold by Amazon.com. Gift-wrap available.

Frequently Bought Together

Forensic Discovery (paperback) + Computer Forensics: Principles and Practices + Guide to Computer Forensics and Investigations (Book & CD)
Price for all three: $243.90

Buy the selected items together

NO_CONTENT_IN_FEATURE

Shop the new tech.book(store)
New! Introducing the tech.book(store), a hub for Software Developers and Architects, Networking Administrators, TPMs, and other technology professionals to find highly-rated and highly-relevant career resources. Shop books on programming and big data, or read this week's blog posts by authors and thought-leaders in the tech industry. > Shop now

Product Details

  • Paperback: 217 pages
  • Publisher: Addison-Wesley Professional; 1 edition (January 9, 2005)
  • Language: English
  • ISBN-10: 0321703251
  • ISBN-13: 978-0321703255
  • Product Dimensions: 9.1 x 7.1 x 0.8 inches
  • Shipping Weight: 13.6 ounces (View shipping rates and policies)
  • Average Customer Review: 4.7 out of 5 stars  See all reviews (16 customer reviews)
  • Amazon Best Sellers Rank: #1,866,992 in Books (See Top 100 in Books)

Editorial Reviews

From the Back Cover

"Don't look now, but your fingerprints are all over the cover of this book. Simply picking it up off the shelf to read the cover has left a trail of evidence that you were here.

    "If you think book covers are bad, computers are worse. Every time you use a computer, you leave elephant-sized tracks all over it. As Dan and Wietse show, even people trying to be sneaky leave evidence all over, sometimes in surprising places.

    "This book is about computer archeology. It's about finding out what might have been based on what is left behind. So pick up a tool and dig in. There's plenty to learn from these masters of computer security."
   --Gary McGraw, Ph.D., CTO, Cigital, coauthor of Exploiting Software and Building Secure Software

"A wonderful book. Beyond its obvious uses, it also teaches a great deal about operating system internals."
   --Steve Bellovin, coauthor of Firewalls and Internet Security, Second Edition, and Columbia University professor

"A must-have reference book for anyone doing computer forensics. Dan and Wietse have done an excellent job of taking the guesswork out of a difficult topic."
   --Brad Powell, chief security architect, Sun Microsystems, Inc.

"Farmer and Venema provide the essential guide to 'fossil' data. Not only do they clearly describe what you can find during a forensic investigation, they also provide research found nowhere else about how long data remains on disk and in memory. If you ever expect to look at an exploited system, I highly recommend reading this book."
   --Rik Farrow, Consultant, author of Internet Security for Home and Office

"Farmer and Venema do for digital archaeology what Indiana Jones did for historical archaeology. Forensic Discovery unearths hidden treasures in enlightening and entertaining ways, showing how a time-centric approach to computer forensics reveals even the cleverest intruder."
   --Richard Bejtlich, technical director, ManTech CFIA, and author of The Tao of Network Security Monitoring

"Farmer and Venema are 'hackers' of the old school: They delight in understanding computers at every level and finding new ways to apply existing information and tools to the solution of complex problems."
   --Muffy Barkocy, Senior Web Developer, Shopping.com

"This book presents digital forensics from a unique perspective because it examines the systems that create digital evidence in addition to the techniques used to find it. I would recommend this book to anyone interested in learning more about digital evidence from UNIX systems."
   --Brian Carrier, digital forensics researcher, and author of File System Forensic Analysis

The Definitive Guide to Computer Forensics: Theory and Hands-On Practice

Computer forensics--the art and science of gathering and analyzing digital evidence, reconstructing data and attacks, and tracking perpetrators--is becoming ever more important as IT and law enforcement professionals face an epidemic in computer crime. In Forensic Discovery, two internationally recognized experts present a thorough and realistic guide to the subject.

Dan Farmer and Wietse Venema cover both theory and hands-on practice, introducing a powerful approach that can often recover evidence considered lost forever.

The authors draw on their extensive firsthand experience to cover everything from file systems, to memory and kernel hacks, to malware. They expose a wide variety of computer forensics myths that often stand in the way of success. Readers will find extensive examples from Solaris, FreeBSD, Linux, and Microsoft Windows, as well as practical guidance for writing one's own forensic tools. The authors are singularly well-qualified to write this book: They personally created some of the most popular security tools ever written, from the legendary SATAN network scanner to the powerful Coroner's Toolkit for analyzing UNIX break-ins.

After reading this book you will be able to

  • Understand essential forensics concepts: volatility, layering, and trust
  • Gather the maximum amount of reliable evidence from a running system
  • Recover partially destroyed information--and make sense of it
  • Timeline your system: understand what really happened when
  • Uncover secret changes to everything from system utilities to kernel modules
  • Avoid cover-ups and evidence traps set by intruders
  • Identify the digital footprints associated with suspicious activity
  • Understand file systems from a forensic analyst's point of view
  • Analyze malware--without giving it a chance to escape
  • Capture and examine the contents of main memory on running systems
  • Walk through the unraveling of an intrusion, one step at a time

The book's companion Web site contains complete source and binary code for open source software discussed in the book, plus additional computer forensics case studies and resource links.

About the Author

Dan Farmer is author of a variety of security programs and papers. He is currently chief technical officer of Elemental Security, a computer security software company. Together he and Wietse Venema, have written many of the world's leading information security and forensics packages, including the SATAN network security scanner and the Coroner's Toolkit.

Wietse Venema has written some of the world's most widely used software, including TCP Wrapper and the Postfix mail system. He is currently a research staff member at IBM Research. Together, he and Dan Farmer have written many of the world's leading information security and forensics packages, including the SATAN network security scanner and the Coroner's Toolkit.


More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

4.7 out of 5 stars
5 star
11
4 star
5
3 star
0
2 star
0
1 star
0
See all 16 customer reviews
TCT is heavily referenced throughout the book.
Ben Rothke
I picked up a whole lot of tidbits on file system forensics as well as malware and compromised system investigation.
Dr Anton Chuvakin
They focus on unix and linux machines, though most of their work also pertains to Microsoft computers.
W Boudville

Most Helpful Customer Reviews

22 of 23 people found the following review helpful By Jack D. Herrington on January 24, 2005
Format: Hardcover
They say it's good to leave your audience wanting more, but I'm not sure how correct that is with tech books. In this case I am definitely wanting more. About a third of the book is on basic operating system introductory material. The rest of the book starts to get in-depth on file system analysis, hacker trapping, and some basic data analysis. But then it ends. And I wanted more.

Definitely a good start at file system analysis, specifically on Unix machines. But you will definitely be left wanting more of the same.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
12 of 12 people found the following review helpful By sixmonkeyjungle on April 11, 2005
Format: Hardcover
I have learned a lot from other computer forensics books such as Harlan Carvey's Windows Forensics and Incident Recovery or Kevin Mandia and Chris Prosise's Incident Response and Computer Forensics - 2nd Edition, but this one has a slightly different approach and conveys a lot of good, detailed information in a relatively concise book.

The book is aimed at readers who wish to gain a deeper understanding of how computer systems work, particularly system administrators or those who may actually be tasked with performing a forensic investigation. The book does assume some level of computer knowledge such as the basic concepts of networking, system processes or file systems and is not intended for pure novices.

Farmer and Venema focus a fair amount of attention on the concept of time and how to use it in a forensic investigation. They also highlight a sort of order of operations for how to proceed to try and ensure you retrieve volatile data before it disappears.

Computer forensics is an area of network and computer security that I am particularly interested in. This is an excellent book which I highly recommend. It is well-written and very educational, but it is also a fairly quick read.

[...]
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
13 of 13 people found the following review helpful By Kevin J. Schmidt on March 11, 2005
Format: Hardcover
This book is small, but it is packed with information. The book is easy to read. I learned a thing or two myself about UNIX filesystems regarding forensics. Every serious security practioner should read this book.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
11 of 11 people found the following review helpful By Dr Anton Chuvakin on April 19, 2005
Format: Hardcover
I enjoyed the book ("Forensic Discovery") since it came when I was preparing for my SANS forensics certification (GCFA). Obviously, the "household" names on the cover caught my attention as well. I used TCT and other tools created by the authors and thus my expectations for the book were pretty high. It did deliver! I picked up a whole lot of tidbits on file system forensics as well as malware and compromised system investigation. Unlike some other volumes, this book does not seek to be comprehensive; instead, it focuses on the fun things and focuses on them well.

In particular, I liked authors' ideas and tips on the OOV (order of volatility) of evidence. While not new, they are extremely well-presented in the book. Other highly useful sections were the ones on time stamps and their analysis and file deletion analysis (with thorough persistence of deleted file analysis). I did not like the sections on malware analysis that much, likely because some other book go way more in-depth then this one (like, for example recent Szor's book on viruses).

The book mostly covers Unix, Windows is also mentioned a couple of times.

Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA is a Security Strategist with a major security company. He is an author of the book "Security Warrior" and a contributor to "Know Your Enemy II". In his spare time, he maintains his security portal info-secure.org
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
14 of 17 people found the following review helpful By Richard Bejtlich on January 31, 2005
Format: Hardcover
Farmer and Venema do for digital archaeology what Indiana Jones did for historical archaeology. 'Forensic Discovery' unearths hidden treasures in enlightening and entertaining ways, showing how a time-centric approach to computer forensics reveals even the cleverest intruder. I highly recommend reading this book.

I appreciate books that don't rehash previously published material. Plenty of authors have written books with the word 'forensics' in the title, and many impart little or no useful or original information. (Exceptions include this book, along with Mandia and Prosise's 'Incident Response and Computer Forensics, 2nd Ed' and Jones' 'Real Digital Forensics,' forthcoming.) While 'Forensic Discovery' discusses concepts familiar to kernel developers or others with low-level operating system knowledge, the book is useful because it places such details in the concept of a security investigation.

'Forensic Discovery' is exactly the sort of forensic book I enjoy, because it is primarily concerned with intrusions. Broadly speaking, there are two types of 'forensic investigators:' those that know how to image a hard drive and search for pornography, and those that know how to respond to and investigate an intrusion. Farmer and Venema are clearly in the second category, and their examples focus on intrusion scenarios rather than workplace misuse of the Internet. Their statement regarding the conservative approach advocated by the US DoJ on p. 195 makes their stance clear.

Chapters 6 and 8 were two of my favorites. Ch 6 discusses virtual machines, system call and library monitoring, and debugging. The authors also show the relationship between disassembled code and decompiled C source code. Ch 8 offers a solid introduction to virtual memory managers.
Read more ›
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again

Most Recent Customer Reviews


What Other Items Do Customers Buy After Viewing This Item?