Best Books of the Month Shop Men's Shoes Learn more nav_sap_plcc_6M_fly_beacon $5 Albums All-New Amazon Fire TV Grocery Amazon Gift Card Offer jrscwrld jrscwrld jrscwrld  Amazon Echo Starting at $49.99 Kindle Voyage AutoRip in CDs & Vinyl Fall Arrivals in Amazon Outdoor Clothing STEM Toys & Games

Enter your mobile number or email address below and we'll send you a link to download the free Kindle App. Then you can start reading Kindle books on your smartphone, tablet, or computer - no Kindle device required.

  • Apple
  • Android
  • Windows Phone
  • Android

To get the free app, enter your email address or mobile phone number.

Real Digital Forensics: Computer Security and Incident Response

16 customer reviews
ISBN-13: 078-5342240696
ISBN-10: 9780321240699
Why is ISBN important?
This bar-code number lets you verify that you're getting exactly the right version or edition of a book. The 13-digit and 10-digit formats both work.
Scan an ISBN with your phone
Use the Amazon App to scan ISBNs and compare prices.
Have one to sell? Sell on Amazon
Buy used
Buy new
More Buying Choices
36 New from $35.99 47 Used from $3.14
Free Two-Day Shipping for College Students with Amazon Student Free%20Two-Day%20Shipping%20for%20College%20Students%20with%20Amazon%20Student

Save up to 80% on Textbook Rentals Rent Textbooks
$41.61 FREE Shipping. Only 8 left in stock (more on the way). Ships from and sold by Gift-wrap available.

Frequently Bought Together

  • Real Digital Forensics: Computer Security and Incident Response
  • +
  • File System Forensic Analysis
Total price: $87.68
Buy the selected items together

Editorial Reviews

From the Back Cover

You can't succeed in the field of computer forensics without hands-on practice—and you can't get hands-on practice without real forensic data. The solution: Real Digital Forensics. In this book, a team of world-class computer forensics experts walks you through six detailed, highly realistic investigations and provides a DVD with all the data you need to follow along and practice.

From binary memory dumps to log files, this DVD's intrusion data was generated by attacking live systems using the same tools and methods real-world attackers use. The evidence was then captured and analyzed using the same tools the authors employ in their own investigations. This book relies heavily on open source tools, so you can perform virtually every task without investing in any commercial software.

You'll investigate environments ranging from financial institutions to software companies and crimes ranging from intellectual property theft to SEC violations. As you move step by step through each investigation, you'll discover practical techniques for overcoming the challenges forensics professionals face most often.

Inside, you will find in-depth information on the following areas:

  • Responding to live incidents in both Windows and Unix environments

  • Determining whether an attack has actually occurred

  • Assembling a toolkit you can take to the scene of a computer-related crime

  • Analyzing volatile data, nonvolatile data, and files of unknown origin

  • Safely performing and documenting forensic duplications

  • Collecting and analyzing network-based evidence in Windows and Unix environments

  • Reconstructing Web browsing, e-mail activity, and Windows Registry changes

  • Tracing domain name ownership and the source of e-mails

  • Duplicating and analyzing the contents of PDAs and flash memory devices

The accompanying DVD contains several gigabytes of compressed data generated from actual intrusions. This data mirrors what analysts might find in real investigations and allows the reader to learn about forensic investigations in a realisticsetting.

© Copyright Pearson Education. All rights reserved.

About the Author

Keith Jones (Alexandria, VA) heads the forensics practice at Red Cliff Consulting. Former military intelligence officer Richard Bejtlich (Manassas Park, VA) is a security engineer at ManTech International Corporation's Computer Forensics and Intrusion Analysis division. A recognized authority on computer security, he has extensive experience with network security monitoring, incident response, and forensics. Curtis Rose (Alexandria, VA) is vice president of Red Cliff and an industry-recognized expert in computer security with more than eighteen years experience in investigations, computer forensics, technical, and information security.

See all Editorial Reviews

Best Books of the Month
Best Books of the Month
Want to know our Editors' picks for the best books of the month? Browse Best Books of the Month, featuring our favorite new books in more than a dozen categories.

Product Details

  • Paperback: 688 pages
  • Publisher: Addison-Wesley Professional (October 3, 2005)
  • Language: English
  • ISBN-10: 9780321240699
  • ISBN-13: 978-0321240699
  • ASIN: 0321240693
  • Product Dimensions: 7 x 1.7 x 9.2 inches
  • Shipping Weight: 2.2 pounds (View shipping rates and policies)
  • Average Customer Review: 4.5 out of 5 stars  See all reviews (16 customer reviews)
  • Amazon Best Sellers Rank: #371,997 in Books (See Top 100 in Books)

More About the Authors

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

35 of 36 people found the following review helpful By W Boudville HALL OF FAMETOP 1000 REVIEWERVINE VOICE on October 5, 2005
Format: Paperback
There have been several authoritative books on computer forensics. (Including "Tao of Network Security Monitoring" by Bejtlich.) But this "Real Digital Forensics" book breaks new ground. Not in the theoretical modelling of an attack or countermeasures against it. Instead, there are several indepth case studies, that key off data given in the book's DVD. And the latter is a DVD, not a CD. The authors needed the multigigabyte capacity to store the provided data. Even then, these are compressed. This should give you some feeling of the book's emphasis.

The authors address a serious lack in this field. How does someone [you] gain experience analysing a real attack? Without already being employed at a company experiencing such an event? In response, the authors made several scenarios that, they claim, reflect what actual attackers would likely have done.

This is an experimental book. There is no overarching elegant theory. You are meant to roll up your sleeves and tackle each case. En route, the book shows how, as a defender, you can use several open source packages to dissect the attack, as well as impose countermeasures. Which is another nice feature. Those packages are free. It makes your forensics education very cheap, in terms of explicit capital outlay.

Which is not to say that the book ignores commercial forensic tools. But the authors have a clear preference for open source, with which you might well concur.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
18 of 19 people found the following review helpful By Dx21, LLC on December 7, 2005
Format: Paperback
There is a real lack of well written books in this category, and this one stands out because it is comprehensive, yet easy to digest and carefully laid out, including case studies to understand data capture and analysis techniques.

The progression of the chapters mirror an investigative process; there is discussion of how to properly handle digital evidence, how to make a duplicate of the source data, and how to make sense of what you have collected. There are many real-world type case studies in the beginning of the book that could easily read off the front of any newspaper, and the captured evidence is on the included DVD for you to search to find the "smoking gun". Very well done.

The book takes the unusual role of discussing not only the more popular commercial tools like EnCase or Forensic Tool Kit, but also all the open source tools available for free, which is a real plus if you don't have the deep pockets required for the retail products. The book also does an excellent job of explaining the advantages and shortcomings of all the products discussed, something not often seen in technical books. Along with the open source discussion are source web sites for downloading the tools. The accompanying DVD is packed with stuff to get you started. The book is filled with well illustrated screen shots to help you orient yourself when trying the programs yourself.

Be forewarned, this book assumes a pretty reasonable amount of technical knowledge and while it addresses the commercial products available on the Win32 platform, a lot of tools and utilities referenced are written for Linux. While a novice investigator can certainly find value in the book, there is a lot of "meat" that even a seasoned professional will find useful.

This is definitely the best book currently available on data forensic investigations.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
18 of 20 people found the following review helpful By Dr Anton Chuvakin on November 3, 2005
Format: Paperback
Bejtlich, Jones and Rose 'Real Digital Forensics' is as practical as a printed book can be. In a very methodical fashion, the authors cover live response (Unix, Windows), network-based forensics following the NSM model (Unix, Windows), forensics duplication, common forensics analysis techniques (such as file recovery and Internet history review), hostile binary analysis (Unix, Windows), creating a forensics toolkit and PDA, flash and USB drive forensics. Is that it? :-)Well, there is some other fun stuff too. In other words, the book is both comprehensive and in-depth; following the text and trying the investigations using the enclosed DVD definitely presents an effective way to learn forensic techniques. I would recommend the book to all security professionals (even those not directly involved with forensics on a daily basis).

Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA is a Security Strategist with a major security company. He is an author of the book "Security Warrior" and a contributor to "Know Your Enemy II" and the upcoming "Hacker's Challenge III". In his spare time, he maintains his security portal and his blog at O'Reilly. His next book will be about security log analysis.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
9 of 9 people found the following review helpful By Diane Barrett on January 26, 2006
Format: Paperback
As an author and instructor, I tend to be pretty picky about the books I choose to read and use in my classes. The authors present the material in a good logical progression. I especially like that it also provides sample evidence on the DVD. Most of the computer forensic books that currently exist contain mostly theory. This is the first good hands-on text that I have seen.

The authors have captured a good cross section of scenarios and then guide you through each case in-depth, offering practical solutions when faced with obstacles. The content provides methodologies, techniques, and tools that anyone can use. In addition it covers a variety of media such as USB memory and Palm devices.

This is a book that I will definitely keep. It is one of the best forensic investigations books currently on the market and would be a great asset to anyone wishing to enhance their skills.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again

Most Recent Customer Reviews

Set up an Amazon Giveaway

Amazon Giveaway allows you to run promotional giveaways in order to create buzz, reward your audience, and attract new followers and customers. Learn more
Real Digital Forensics: Computer Security and Incident Response
This item: Real Digital Forensics: Computer Security and Incident Response
Price: $41.61
Ships from and sold by

Want to discover more products? Check out these pages to see more: ebay books, computer security, computer network