1 of 5 people found the following review helpful
Excellent introduction to Linux forensics, ideal for those starting out or Windows centric examiner who is curious about Linux,
This review is from: UNIX and Linux Forensic Analysis DVD Toolkit (Paperback)
The first few chapters leads the reader gently into appreciating the differences between Windows and *nix based nomenclature. There are a number of practical tools covered which would assist any Windows investigator to perform post forensic analysis. The tools needed to get the job done on *nix boxes are covered more than adequately. Chapter 4 introduces the reader to some practical advice on triage and live data analysis, there are some useful practical exercises using search techniques and the author shares his experience offering some good practical advice on narrowing the search to relevant areas of investigation. Chapter 5 provides some of the best examples I have seen of the "top 10 hacking" tools covered. This should inspire any reader to appreciate how best to investigate against such "tools". This chapter inspires the reader to conduct their own research in a laboratory environment with just enough of a sweetener provided in the examples to encourage them to do so. Chapter 6 takes the reader on an insightful tour of the /proc filesystem highlighting some of the key areas an investigator needs to know in terms of live analysis and key areas for volatile data capture. There's small additional section on the sysfs which covers additional areas of interest relevant to the investigator. Included in this chapter is an insightful walkthru of an investigation further re-enforcing the ideas presented by the author. Chapter 7 guides the reader through the filesystem, highlighting key areas such as configuration files. The author also provides the reader with some inventive techniques for investigation. Although a short chapter it concisely provides enough detail to assist the reader in their investigations. Chapter 8 contains detailed instructions on the use and installation of anti-virus/malware software with a good overview provided by the author of Linux file permissions/security. The final appendix is a worthy addition providing a good overview of auditing and logging not just on *nix but includes, Windows, firewalls, router, IDS and IPS systems. It provides a complementary addition to the literature.
The author has sought to introduce the reader to a very wide subject area, which considering the diversity of Unices is a brave and audacious move. It is quite amazing how much the author has managed to cover and condense into only 8 chapters and an appendix. The authors clearly have a vast amount of forensic experience especially with regard to incident response, providing practical and sound advice to the reader. There are a number of other sources hinted at by the authors which shows thorough research benefiting this literature and ultimately the reader. This book provides the reader with a perfect introduction to UNIX and Linux Forensic Analysis, additional it should also benefit forensic investigators from the Windows centric world in grasping some of the power available with Linux and Open Source tools. This should allow the reader to complement their own arsenal of investigation tools and techniques with a complementary set of Linux forensic CDs and methodology. This is a book I would heartily recommend to experienced computer forensic examiners and those starting out. Especially to those investigators more used to the Windows environment. The book is clearly an introduction and hints at more to come. I very much look forward to reading more material from the authors covering more advanced topics in their next book. The final paragraph of the synopsis clearly says it all.