Customer Reviews

15
4.5 out of 5 stars
Real Digital Forensics: Computer Security and Incident Response
Format: PaperbackChange
Price:$45.60 + Free shipping with Amazon Prime
Your rating(Clear)Rate this item


There was a problem filtering reviews right now. Please try again later.

35 of 36 people found the following review helpful
Format: Paperback
There have been several authoritative books on computer forensics. (Including "Tao of Network Security Monitoring" by Bejtlich.) But this "Real Digital Forensics" book breaks new ground. Not in the theoretical modelling of an attack or countermeasures against it. Instead, there are several indepth case studies, that key off data given in the book's DVD. And the latter is a DVD, not a CD. The authors needed the multigigabyte capacity to store the provided data. Even then, these are compressed. This should give you some feeling of the book's emphasis.

The authors address a serious lack in this field. How does someone [you] gain experience analysing a real attack? Without already being employed at a company experiencing such an event? In response, the authors made several scenarios that, they claim, reflect what actual attackers would likely have done.

This is an experimental book. There is no overarching elegant theory. You are meant to roll up your sleeves and tackle each case. En route, the book shows how, as a defender, you can use several open source packages to dissect the attack, as well as impose countermeasures. Which is another nice feature. Those packages are free. It makes your forensics education very cheap, in terms of explicit capital outlay.

Which is not to say that the book ignores commercial forensic tools. But the authors have a clear preference for open source, with which you might well concur.
0CommentWas this review helpful to you?YesNoSending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
18 of 19 people found the following review helpful
on December 7, 2005
Format: Paperback
There is a real lack of well written books in this category, and this one stands out because it is comprehensive, yet easy to digest and carefully laid out, including case studies to understand data capture and analysis techniques.

The progression of the chapters mirror an investigative process; there is discussion of how to properly handle digital evidence, how to make a duplicate of the source data, and how to make sense of what you have collected. There are many real-world type case studies in the beginning of the book that could easily read off the front of any newspaper, and the captured evidence is on the included DVD for you to search to find the "smoking gun". Very well done.

The book takes the unusual role of discussing not only the more popular commercial tools like EnCase or Forensic Tool Kit, but also all the open source tools available for free, which is a real plus if you don't have the deep pockets required for the retail products. The book also does an excellent job of explaining the advantages and shortcomings of all the products discussed, something not often seen in technical books. Along with the open source discussion are source web sites for downloading the tools. The accompanying DVD is packed with stuff to get you started. The book is filled with well illustrated screen shots to help you orient yourself when trying the programs yourself.

Be forewarned, this book assumes a pretty reasonable amount of technical knowledge and while it addresses the commercial products available on the Win32 platform, a lot of tools and utilities referenced are written for Linux. While a novice investigator can certainly find value in the book, there is a lot of "meat" that even a seasoned professional will find useful.

This is definitely the best book currently available on data forensic investigations.
0CommentWas this review helpful to you?YesNoSending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
17 of 19 people found the following review helpful
Format: Paperback
Bejtlich, Jones and Rose 'Real Digital Forensics' is as practical as a printed book can be. In a very methodical fashion, the authors cover live response (Unix, Windows), network-based forensics following the NSM model (Unix, Windows), forensics duplication, common forensics analysis techniques (such as file recovery and Internet history review), hostile binary analysis (Unix, Windows), creating a forensics toolkit and PDA, flash and USB drive forensics. Is that it? :-)Well, there is some other fun stuff too. In other words, the book is both comprehensive and in-depth; following the text and trying the investigations using the enclosed DVD definitely presents an effective way to learn forensic techniques. I would recommend the book to all security professionals (even those not directly involved with forensics on a daily basis).

Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA is a Security Strategist with a major security company. He is an author of the book "Security Warrior" and a contributor to "Know Your Enemy II" and the upcoming "Hacker's Challenge III". In his spare time, he maintains his security portal info-secure.org and his blog at O'Reilly. His next book will be about security log analysis.
0CommentWas this review helpful to you?YesNoSending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
9 of 9 people found the following review helpful
on January 26, 2006
Format: Paperback
As an author and instructor, I tend to be pretty picky about the books I choose to read and use in my classes. The authors present the material in a good logical progression. I especially like that it also provides sample evidence on the DVD. Most of the computer forensic books that currently exist contain mostly theory. This is the first good hands-on text that I have seen.

The authors have captured a good cross section of scenarios and then guide you through each case in-depth, offering practical solutions when faced with obstacles. The content provides methodologies, techniques, and tools that anyone can use. In addition it covers a variety of media such as USB memory and Palm devices.

This is a book that I will definitely keep. It is one of the best forensic investigations books currently on the market and would be a great asset to anyone wishing to enhance their skills.
0CommentWas this review helpful to you?YesNoSending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
10 of 11 people found the following review helpful
on February 11, 2006
Format: Paperback
This book is written in such a style that is easy to understand, yet technical and detailed enough to maintain your interest and attention all the way through.

The book presents several ways of accomplishing the same tasks in a non-biased, non-vendor-specific way. It explores the use of free, open-source tools as well as commercial offerings, and drills down into forensic analysis of both Windows and Unix/Linux Operating Systems.

The included CD contains actual forensic data and a few tools, which is both interesting and exciting to use while following along with the lessons in the book.

After receiving this book and opening it to the first page, I was almost unable to set it down until I finished it. I received it on a Friday afternoon and I had completed reading it by the end of the weekend. I highly recommend this book to anyone with an interest in Computer or Network Security.
0CommentWas this review helpful to you?YesNoSending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
3 of 3 people found the following review helpful
on July 1, 2008
Format: Paperback
OK. What more do you need to know? This book is written by three gentlemen who live, eat and breathe computer incident response & forensics. The fact that they present the information in a well written and easy to follow format is just a bonus! If you're one of those "I wanna do it" types like me, you'll read through the material and then tackle the provided data to see if you can solve the crime. A great starting point for future incident responders and folks who want to know more about computer forensics.
0CommentWas this review helpful to you?YesNoSending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
3 of 3 people found the following review helpful
on August 18, 2011
Format: Paperback
Even though this book Real Digital Forensics was published in 2006, it is a must read for any Security & Incident Response Cyber Analyst. It would be nice if it had a revised edition to cover Windows Vista, Windows 7, and many other technologies that have come into play these past five years and the new emerging technologies.
0CommentWas this review helpful to you?YesNoSending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
on May 6, 2014
Format: PaperbackVerified Purchase
This book is an unbelievable collection of forensics information that I cannot believe can be found all in one text. The book starts off going into a deep technical discussion of network inspection. Then, it talks about forensics of data recovery, and the registry, and browser history. It gets very deep into low level assembly language analysis in chapters 13, 14, and 15. Chapter 13 introduces reverse engineering of a executable under Linux which you build with gcc. Then, you inspect its inner components using various forensics software. Then, chapter 14 looks at malware and you it shows you how to dissect the application to see what it is built to do. Chapter 15 draws upon the lessons in 13 and 14 by applying the concepts to the Windows platform. Then, chapter 16 and 17 discuss how to build your own livecd. The book later discusses email forensics and how to track spam to its original sender. Great book! I can't even describe how much I feel I benefited from this book. I am an aspiring penetration tester and malware analyst. This forensics book helped me learn a whole lot about analyzing code.
0CommentWas this review helpful to you?YesNoSending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
on March 31, 2015
Format: PaperbackVerified Purchase
So far most of the information is good, but at the same time due to publication date it is somewhat out of date. Concepts do not change, while tools and methods are always undergoing updates. A lot of research outside of the text is necessary for a more full understanding of what is available. I have it mainly because it is the required text for a class I am taking.
0CommentWas this review helpful to you?YesNoSending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
on February 7, 2014
Format: PaperbackVerified Purchase
I love this book, it looks complicated but once you start understanding what's going on you'll find it extreme helpful. All the linux command in the book are helpful and can use it as a command resource.
0CommentWas this review helpful to you?YesNoSending feedback...
Thank you for your feedback.
Sorry, we failed to record your vote. Please try again
Report abuse
     
 
Customers who viewed this also viewed
Incident Response & Computer Forensics, Third Edition
Incident Response & Computer Forensics, Third Edition by Jason T. Luttgens (Paperback - August 8, 2014)
$39.09


 
     

Send us feedback

How can we make Amazon Customer Reviews better for you?
Let us know here.

Your Recently Viewed Items and Featured Recommendations 
 

After viewing product detail pages, look here to find an easy way to navigate back to pages you are interested in.