- Paperback: 288 pages
- Publisher: Syngress; 1 edition (April 28, 2011)
- Language: English
- ISBN-10: 1597495867
- ISBN-13: 978-1597495868
- Product Dimensions: 7.5 x 0.6 x 9.2 inches
- Shipping Weight: 1.4 pounds (View shipping rates and policies)
- Average Customer Review: 4.4 out of 5 stars See all reviews (33 customer reviews)
- Amazon Best Sellers Rank: #358,011 in Books (See Top 100 in Books)
Enter your mobile number or email address below and we'll send you a link to download the free Kindle App. Then you can start reading Kindle books on your smartphone, tablet, or computer - no Kindle device required.
To get the free app, enter your mobile phone number.
Digital Forensics with Open Source Tools 1st Edition
Use the Amazon App to scan ISBNs and compare prices.
Featured IT certification guides sponsored by Pearson. Learn more.
Frequently bought together
Customers who bought this item also bought
"This is highly detailed material. Although the introductory chapter adopts an easy pace, with overviews of important technical concepts, most of the other chapters get right down to the practice of forensic analysis. This is not a book you’re going to want to read in bed: you’ll want this right next to a computer – preferably two or three computers running different operating systems – so that you can try the techniques for yourself as you work your way through. The authors admit that this book does not cover everything you need to know. For instance, it focuses entirely on ‘dead drive’ forensics – offline systems. Analysing running systems often requires high-level proprietary tools. But it does give an excellent grounding in the methods of digital forensic analysis and provides a valuable first step in learning the technicalities."--Network Security, May 2012, page 4
"Digital Forensics – MacGyver Style! The practical solutions of this book, Digital Forensics with Open Source Tools, save the day when commercial tools fail. During an incident, the clock ticks. Response teams scramble to pull anything together to solve the immediate challenge. Cory Altheide and Harlan Carvey take you through the tools and tactics that you need – the ones that in a pinch will get the job done. A welcome addition to my library."--Rob Lee, SANS Institute
"Intended for students and new computer professionals, or those new to open source applications, this guide to digital forensics provides practical instructions for many common tasks in data recovery and analysis using open source tools. Beginning with a discussion of setting up an open source examination platform and tool set, the work covers disk and file system analysis, Windows, GNU/Linux and Mac OS X systems and artifacts, Internet artifacts, file analysis and automated analysis. The volume includes numerous code examples and tips and tricks as well as an appendix of software tools."--Reference and Research Book News
"Intended for students and new computer professionals, or those new to open source applications, this guide to digital forensics provides practical instructions for many common tasks in data recovery and analysis using open source tools. Beginning with a discussion of setting up an open source examination platform and tool set, the work covers disk and file system analysis, Windows, GNU/Linux and Mac OS X systems and artifacts, Internet artifacts, file analysis and automated analysis. The volume includes numerous code examples and tips and tricks as well as an appendix of software tools. Chapter examples assume a basic knowledge of the Linux command line interface."--Reference and Research Book News
"The authors intended this book for two types of readers: complete novices in the world of digital forensics, and seasoned practitioners who are interested in learning more about open source tools that could help them in their work. And although it might seem difficult to merge the knowledge in such a way to make for an interesting book for both groups, in my opinion, the writers managed to do it beautifully."--Net-Security.org
From the Back Cover
Digital Forensics with Open Source Tools is the definitive book on investigating and analyzing computer systems and media using open source tools. The book is a technical procedural guide, and explains the use of these tools on Linux and Windows systems as a platform for performing computer forensics. Both well known and novel forensic methods are demonstrated using command-line and graphical open source computer forensic tools for examining a wide range of target systems and artifacts.
Browse award-winning titles. See more
If you are a seller for this product, would you like to suggest updates through seller support?
Top Customer Reviews
Through this book I can see the wideness of the knowledge of the authors, however, this book covers just too much aspects, which makes each topic unacceptably shallow. After reading this book, without reading tens of books that explicitly or implicitly referenced inside, you will feel yourself knows many things, but in fact for most things you can do nothing but name them. It does not help much if you want to really learn something deep.
Also, the authors writing style is kind loose. Just as I randomly scanning this book, look this paragraph "Microsoft states that the FAT32 file system can support disk up to 2Tb, but that Windows 2000 only supports partitions up to 32 GB. Using 4KB cluster, FAT32 users space more effciently; cluster size can range from 512 to 32 KB. The primary different between FAT16 and FAT32 is the logical partition size." I don't consider this a good scientific writing. From this paragraph, what would you learn, except some mere thin facts? I don't know why W2000 only support 32GB. I do not understand why using 4KB is "more efficient", and I do not know what is the difference in "partition size" between FAT16 and FAT32.
I feel this book is kind of fits in the "for dummy" series. It does provide a variety of information, but each aspect are so simple that you can't really learn something deeper. And for me, memorizing based on understanding, and thus there will very little reside in your brain after you reading this book.
1. As Cory and Harlan state in the introduction to Chapter 2, "Being able to build software properly is critical for an examiner using open source tools". Speaking as a seasoned examiner that consistently leverages the majority of the tools in DFWOST, we sometimes forget that the configuration of various interpreters (Perl, Python, Ruby) and the proper installation of tools from source are a difficult task for those new to open source tools. This technical hurdle often inhibits the adoption of open source utilities by even senior analysts. I believe Cory and Harlan had this hurdle in mind when authoring DFWOST, as they provide their readers with valuable information regarding these tasks. Chapter 2 does an excellent job of stepping the reader through the installation of various interpreters and utilities for both the Linux and Windows environments. Before I read DFWOST, I was curious if Cory and Harlan would leverage an available Linux-based live distro and bypass the topic of installation and configuration of an examination system all together. I was happy to see they they did not take this route, as dependency on a live distro can simply add a layer of abstraction for a new student.
2. Instead of bloating DFWOST with content that has been covered in depth in existing publications, Cory and Harlan opt to simply direct readers to these resources. Given both the author's resumes (and previous publications), they could of easily supplied this information in DFWOST to unnecessarily bulk this book up. For instance, when the topic of advanced Windows Registry analysis is mentioned, the reader is directed to Harlan's Windows Registry Forensics. This may be construed as self-serving, but the same is done when the topic of Windows binary (PE) analysis is entered. In this case, the reader is directed towards Malware Analyst's Cookbook by Ligh, Adiar, Hartstein, and Richard. In my opinion, both these publications are the definitive sources for their perspective topics. It is refreshing to see the authors direct their readers to the appropriate place, instead of diving into a topic that probably doesn't have the appropriate real estate dedicated for discussion in the first place.
As with any material these two authors provide to the community, DFWOST should be required reading for any examiner - not just open source hobbyists and newbies. I hope we see another great publication from both Cory and Harlan in the near future. They make a good team.
I teach digital forensic classes at the grad school level and also at a non-profit; in both classes to students of a wide range of skills I always recommend this book as a must read. It has something for everyone.
A lot of work has been put in that book. You definitely feel the sweat of the author putting all information together, the testing, the results.
If you start in Digital Forensics it might be slightly complex but it can easily be your second or third book in that matter.
If you're already an IT engineer or passionate and you want to explore the deep technical bit of digital forensics then go for it. It's a treasure of information.
Do prefer the paperback version because you will love putting annotation and highlighting some lines to keep them in mind and for further usage. I have the Kindle edition but I consider buying the paperback as well just to keep it under my arm on my desk.