UNIX and Linux Forensic Analysis DVD Toolkit and over one million other books are available for Amazon Kindle. Learn more
Trade in your item
Get a $6.00
Gift Card.
Have one to sell?
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more

UNIX and Linux Forensic Analysis DVD Toolkit Paperback

ISBN-13: 978-1597492690 ISBN-10: 1597492698 Edition: 1st

See all 2 formats and editions Hide other formats and editions
Amazon Price New from Used from Collectible from
Kindle
"Please retry"
Paperback
"Please retry"
$750.00 $272.91

Free%20Two-Day%20Shipping%20for%20College%20Students%20with%20Amazon%20Student



NO_CONTENT_IN_FEATURE

Sell Your Books
Get up to 75% back when you sell your books on Amazon. Ship your books for free and get Amazon.com Gift Cards. Learn more.

Product Details

  • Paperback: 248 pages
  • Publisher: Syngress; 1 edition (June 30, 2008)
  • Language: English
  • ISBN-10: 1597492698
  • ISBN-13: 978-1597492690
  • Product Dimensions: 9.2 x 7.5 x 0.6 inches
  • Shipping Weight: 1.2 pounds
  • Average Customer Review: 2.8 out of 5 stars  See all reviews (5 customer reviews)
  • Amazon Best Sellers Rank: #1,930,295 in Books (See Top 100 in Books)

Editorial Reviews

About the Author

Chris Pogue has spent the past five years as part of the IBM Ethical Hacking Team. He was tasked with emulating the actions of an actual malicious attacker with the intention of assisting customers to identify and eliminate probable attack vectors. Chris has worked on over 3000 exploitation attempts for both internal IBM systems as well as third party customers. Chris is also a former US Army Warrant Officer and has worked with the Army Reserve Information Operations Command (ARIOC) on Joint Task Force (JTF) missions with the National Security Agency (NSA), Department of Homeland Security, Regional Computer Emergency Response Team-Continental United States (RCERT-CONUS), and the Joint Intelligence Center-Pacific (JICPAC). Chris attended Forensics training at Carnegie Mellon University in Pittsburgh, Pennsylvania, and holds a Master's degree in Information Security. He is a Certified Information Systems Security Professional (CISSP) and a Certified Ethical Hacker (CEH). Chris also holds a Top Secret (TS) security clearance from the Department of Defense.

Cory Altheide is a Security Engineer at Google, focused on forensics and incident response. Prior to returning to Google, Cory was a principal consultant with MANDIANT, an information security consulting firm that works with the Fortune 500, the defense industrial base and the banks of the world to secure their networks and combat cyber-crime. In this role he responded to numerous incidents for a variety of clients. Cory has authored several papers for the computer forensics journal Digital Investigation and was a contributing author for UNIX and Linux Forensic Analysis (2008) & The Handbook Of Digital Forensics and Investigation (2010). Additionally, Cory is a recurring member of the program committee of the Digital Forensics Research Workshop (DFRWS).


More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

2.8 out of 5 stars
5 star
2
4 star
0
3 star
0
2 star
1
1 star
2
See all 5 customer reviews
By "incomplete" I mean that it is apparent that the author decided to quit writing.
P. Knight
A discussion of Nmap and netcat are vital to this book, but many hackers won't take the time to install Wireshark with it's size and GUI.
Jesse G. Lands
The target audience for this book is someone who has little or no knowledge in linux or unix internals and security.
R. Chae

Most Helpful Customer Reviews

13 of 13 people found the following review helpful By P. Knight on October 16, 2009
Format: Paperback Verified Purchase
The title may mislead readers to believe that this book discusses actual forensics of Unix and Linux systems. It does not. The authors waste precious pages in this short book discussing their favorite cool Linux apps like Nessus and Metasploit but don't have any meaningful discussion about the various flavors of Unix: AIX, Solaris, *BSD, etc. Their "Unix and Linux" forensic book is almost entirely about Linux. There is no thoughtful discussion about filesystem forensics; no technical detail helpful to Forensic Examiners.

The few moments where the authors approach a meaningful forensic topic, the reader is redirected to an online resource rather than provided an analysis or explanation within the book.

The book title may lead readers to believe that an accompanying DVD contains a Unix forensic toolkit of some kind. In fact, there is only 1.8 MB of documents and no tools save for a few (4) short Bash scripts that hardly cover a thorough forensics examination: live or otherwise. One of the scripts is only one line. One of these documents is an incomplete 3.5 page summary of Sleuthkit tools. By "incomplete" I mean that it is apparent that the author decided to quit writing. Apparently there was no room in this 236 page, 14-gauge font book to cover in any detail the different Unix filesystems, data acquisition, data carving or static filesystem analysis. But the authors make plenty of room to discuss scanning with Unix tools (nmap, nessus, etc.).

There is a section entitled "Malware" except that no malware sample is actually examined. The reader is briefly introduced to Panda's AV scanner and is walked through how to use ClamAV as if that is the only AV scanner available for either a Unix user or Forensic Examiner.
Read more ›
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
5 of 6 people found the following review helpful By R. Chae on February 9, 2009
Format: Paperback Verified Purchase
I don't often write reviews, but after reading this book, I decided to write one. Not because this book was excellent, but because I was quite disappointed. I am not an expert in *nix security by any means; however, this book is exteremly basic. The target audience for this book is someone who has little or no knowledge in linux or unix internals and security.
If you already know unix or linux, but are not familiar with tools like Nessus, nmap, wireshark, tcpdump, netcat, etc... just go directly to [...], where you can find the compilied list of the top 100 security tools from the nmap-hackers mailing list.

What a waste of time and money.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
2 of 2 people found the following review helpful By Jesse G. Lands on March 8, 2011
Format: Paperback Verified Purchase
While I was expecting a book similar to the Syngress publication Windows Forensics Analysis by Harlan Carvey I was given more of a Linux for Dummies with a Forensic emphasis.
I'll break it down by chapter to make things a little more understandable. The introduction Chapter one was the standard why am I writing this and what will I cover. It seemed like that was a good start. Unfortunately things when south with Chapter 2. Introduction to UNIX: I'm sorry did I miss the UNIX in it? The focus was Ubuntu Linux. While a forensic analyst should be able to examine Linux systems, that wasn't the title of the book. UNIX was first, but UNIX was hardly mentioned. There are similarities, but not to the extent that the author makes the reader believe. At the time of my reading this book I was working on forensic analysis of a Solaris system and a CentOS system. I was able to use maybe 10 to 15 percent of the content for the Solaris system and if I was lucky 50% for the CentOS system.
Chapter 3 Live Response: Data Collection- there was no Live Response. In short there was very little about what the responder should collect and what is useless information. Much of the chapter was spent on a Log Book and various live CD/DVD Linux distributions that are available. There is a slight discussion of how to collect drive images, but even that is outdated at the time of writing. Two years prior to the writing I was collecting images from Terabyte systems.
Chapter 4 is about Initial Triage and Data Analysis- I'm sorry what? We've already collected the image? Why do we go back to triage? Why are we now just concerned with the network?
Read more ›
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
Format: Paperback
The first few chapters leads the reader gently into appreciating the differences between Windows and *nix based nomenclature. There are a number of practical tools covered which would assist any Windows investigator to perform post forensic analysis. The tools needed to get the job done on *nix boxes are covered more than adequately. Chapter 4 introduces the reader to some practical advice on triage and live data analysis, there are some useful practical exercises using search techniques and the author shares his experience offering some good practical advice on narrowing the search to relevant areas of investigation. Chapter 5 provides some of the best examples I have seen of the "top 10 hacking" tools covered. This should inspire any reader to appreciate how best to investigate against such "tools". This chapter inspires the reader to conduct their own research in a laboratory environment with just enough of a sweetener provided in the examples to encourage them to do so. Chapter 6 takes the reader on an insightful tour of the /proc filesystem highlighting some of the key areas an investigator needs to know in terms of live analysis and key areas for volatile data capture. There's small additional section on the sysfs which covers additional areas of interest relevant to the investigator. Included in this chapter is an insightful walkthru of an investigation further re-enforcing the ideas presented by the author. Chapter 7 guides the reader through the filesystem, highlighting key areas such as configuration files. The author also provides the reader with some inventive techniques for investigation. Although a short chapter it concisely provides enough detail to assist the reader in their investigations.Read more ›
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again

Product Images from Customers

Search
ARRAY(0xa6fc1564)

What Other Items Do Customers Buy After Viewing This Item?