Digital Forensics with Open Source Tools 1st Edition

by Cory Altheide (Author), Harlan Carvey (Author)

32 customer reviews

ISBN-13: 978-1597495868

ISBN-10: 9781597495868

Why is ISBN important?

Sell yours for a Gift Card
We'll buy it for up to $5.56
Learn More
Trade in now

Have one to sell? Sell on Amazon

Added to

Unable to add item to List. Please try again.

Share <Embed>

Due Date: Jan 21, 2019 Rental Details

FREE return shipping at the end of the semester.
Access codes and supplements are not guaranteed with rentals.

In Stock. Rented from apex_media , Fulfilled by Amazon

List Price: $59.95 Save: $32.75 (55%)

Free Shipping

Deliver to Poland

Add to Rental Cart

Condition: Used - Acceptable

In Stock. Sold by Amazon Warehouse, Fulfilled by Amazon

Access codes and supplements are not guaranteed with used items.

47 Used from $16.02

FREE Shipping

Deliver to Poland

Turn on 1-Click ordering

In Stock.

Ships from and sold by Amazon.com.

This item ships to Poland. Want it Friday, Nov. 23? Choose AmazonGlobal Priority Shipping at checkout. Learn more

List Price: $59.95
Save: $7.20 (12%)

45 New from $52.75

Deliver to Poland

Turn on 1-Click ordering

More Buying Choices

45 New from $52.75 47 Used from $16.02 1 Rentals from $27.20

93 offers from $16.02

See All Buying Options

Free Two-Day Shipping for College Students with Amazon Student

Digital Forensics with Open Source Tools is the definitive book on investigating and analyzing computer systems and media using open source tools. The book is a technical procedural guide, and explains the use of open source tools on Mac, Linux and Windows systems as a platform for performing computer forensics. Both well-known and novel forensic methods are demonstrated using command-line and graphical open source computer forensic tools for examining a wide range of target systems and artifacts.

Written by world-renowned forensic practitioners, this book uses the most current examination and analysis techniques in the field. It consists of 9 chapters that cover a range of topics such as the open source examination platform; disk and file system analysis; Windows systems and artifacts; Linux systems and artifacts; Mac OS X systems and artifacts; Internet artifacts; and automating analysis and extending capabilities. The book lends itself to use by students and those entering the field who do not have means to purchase new tools for different investigations.

This book will appeal to forensic practitioners from areas including incident response teams and computer forensic investigators; forensic technicians from legal, audit, and consulting firms; and law enforcement agencies.

Written by world-renowned forensic practitioners
Details core concepts and techniques of forensic file system analysis
Covers analysis of artifacts from the Windows, Mac, and Linux operating systems

Customers who viewed this item also viewed

Page 1 of 1 Start overPage 1 of 1

This shopping feature will continue to load items. In order to navigate out of this carousel please use your heading shortcut key to navigate to the next or previous heading.

2

$459.99

Customers who bought this item also bought

Page 1 of 1 Start overPage 1 of 1

This shopping feature will continue to load items. In order to navigate out of this carousel please use your heading shortcut key to navigate to the next or previous heading.

Jessey Bullock

18

Paperback
$32.71

Editorial Reviews

Review

"This is highly detailed material. Although the introductory chapter adopts an easy pace, with overviews of important technical concepts, most of the other chapters get right down to the practice of forensic analysis. This is not a book you’re going to want to read in bed: you’ll want this right next to a computer – preferably two or three computers running different operating systems – so that you can try the techniques for yourself as you work your way through. The authors admit that this book does not cover everything you need to know. For instance, it focuses entirely on ‘dead drive’ forensics – offline systems. Analysing running systems often requires high-level proprietary tools. But it does give an excellent grounding in the methods of digital forensic analysis and provides a valuable first step in learning the technicalities."--Network Security, May 2012, page 4

"Digital Forensics – MacGyver Style! The practical solutions of this book, Digital Forensics with Open Source Tools, save the day when commercial tools fail. During an incident, the clock ticks. Response teams scramble to pull anything together to solve the immediate challenge. Cory Altheide and Harlan Carvey take you through the tools and tactics that you need – the ones that in a pinch will get the job done. A welcome addition to my library."--Rob Lee, SANS Institute

"Intended for students and new computer professionals, or those new to open source applications, this guide to digital forensics provides practical instructions for many common tasks in data recovery and analysis using open source tools. Beginning with a discussion of setting up an open source examination platform and tool set, the work covers disk and file system analysis, Windows, GNU/Linux and Mac OS X systems and artifacts, Internet artifacts, file analysis and automated analysis. The volume includes numerous code examples and tips and tricks as well as an appendix of software tools."--Reference and Research Book News

"The authors intended this book for two types of readers: complete novices in the world of digital forensics, and seasoned practitioners who are interested in learning more about open source tools that could help them in their work. And although it might seem difficult to merge the knowledge in such a way to make for an interesting book for both groups, in my opinion, the writers managed to do it beautifully."--Net-Security.org

From the Back Cover

Digital Forensics with Open Source Tools is the definitive book on investigating and analyzing computer systems and media using open source tools. The book is a technical procedural guide, and explains the use of these tools on Linux and Windows systems as a platform for performing computer forensics. Both well known and novel forensic methods are demonstrated using command-line and graphical open source computer forensic tools for examining a wide range of target systems and artifacts.

See all Editorial Reviews

Product details

Paperback: 288 pages
Publisher: Syngress; 1 edition (April 28, 2011)
Language: English
ISBN-10: 9781597495868
ISBN-13: 978-1597495868
ASIN: 1597495867
Product Dimensions: 7.5 x 0.6 x 9.2 inches
Shipping Weight: 1.4 pounds (View shipping rates and policies)
Average Customer Review: 32 customer reviews
Amazon Best Sellers Rank: #587,277 in Books (See Top 100 in Books)
- #328 in Books > Law > Criminal Law > Forensic Science
- #636 in Books > Computers & Technology > Business Technology > Software > Enterprise Applications
- #1563 in Books > Computers & Technology > Security & Encryption

Would you like to tell us about a lower price?
If you are a seller for this product, would you like to suggest updates through seller support?

Be the first video

Your name here

Try the Kindle edition and experience these great reading features:

See Kindle Edition

32 customer reviews

Review this product

Write a customer review

Showing 1-4 of 32 reviews

There was a problem filtering reviews right now. Please try again later.

Robert M. Lee

A Book for Pros and Students

September 17, 2013

Format: PaperbackVerified Purchase

Cory and Harlan are two names in the digital forensics community that you can always trust to bring you great material. This book is packed full of resources for a wide variety of uses. What I love most about the book is that pros are able to learn new methods and tools from it while students are able to easily pick up the book and get started. This is one of those books that I truly feel is perfectly tied to a quote made famous by Isaac Newton "If I have seen further it is by standing on (the) shoulders of Giants." Everyone can easily learn an enormous amount from these two authors and their career long adventures and experiences with digital forensics.

I teach digital forensic classes at the grad school level and also at a non-profit; in both classes to students of a wide range of skills I always recommend this book as a must read. It has something for everyone.

Helpful

Comment

Colin C. Sheppard

Excellent Book, Five Stars!

August 2, 2011

Format: PaperbackVerified Purchase

As Cory and Harlan state in the introduction, this book is intended for two audiences; new forensic practitioners and experienced digital forensics practitioners new to open source tools. I believe they have succeeded in providing top-notch material for both audiences. Several excellent five star reviews have already been posted, which I agree with wholeheartedly. In order to avoid simply rehashing these existing reviews, I would like to simply state that I believe Cory and Harlan did two things very well with DFWOST:

1. As Cory and Harlan state in the introduction to Chapter 2, "Being able to build software properly is critical for an examiner using open source tools". Speaking as a seasoned examiner that consistently leverages the majority of the tools in DFWOST, we sometimes forget that the configuration of various interpreters (Perl, Python, Ruby) and the proper installation of tools from source are a difficult task for those new to open source tools. This technical hurdle often inhibits the adoption of open source utilities by even senior analysts. I believe Cory and Harlan had this hurdle in mind when authoring DFWOST, as they provide their readers with valuable information regarding these tasks. Chapter 2 does an excellent job of stepping the reader through the installation of various interpreters and utilities for both the Linux and Windows environments. Before I read DFWOST, I was curious if Cory and Harlan would leverage an available Linux-based live distro and bypass the topic of installation and configuration of an examination system all together. I was happy to see they they did not take this route, as dependency on a live distro can simply add a layer of abstraction for a new student.

2. Instead of bloating DFWOST with content that has been covered in depth in existing publications, Cory and Harlan opt to simply direct readers to these resources. Given both the author's resumes (and previous publications), they could of easily supplied this information in DFWOST to unnecessarily bulk this book up. For instance, when the topic of advanced Windows Registry analysis is mentioned, the reader is directed to Harlan's Windows Registry Forensics. This may be construed as self-serving, but the same is done when the topic of Windows binary (PE) analysis is entered. In this case, the reader is directed towards Malware Analyst's Cookbook by Ligh, Adiar, Hartstein, and Richard. In my opinion, both these publications are the definitive sources for their perspective topics. It is refreshing to see the authors direct their readers to the appropriate place, instead of diving into a topic that probably doesn't have the appropriate real estate dedicated for discussion in the first place.

As with any material these two authors provide to the community, DFWOST should be required reading for any examiner - not just open source hobbyists and newbies. I hope we see another great publication from both Cory and Harlan in the near future. They make a good team.

2 people found this helpful

Helpful

Comment

Peter File

Very comprehensive

September 15, 2012

Format: Kindle EditionVerified Purchase

That's a huge book! It explains very well what to collect, why to collect, how to collect E-evidences and then it explains how to work on your findings with open-source tools.
A lot of work has been put in that book. You definitely feel the sweat of the author putting all information together, the testing, the results.
If you start in Digital Forensics it might be slightly complex but it can easily be your second or third book in that matter.
If you're already an IT engineer or passionate and you want to explore the deep technical bit of digital forensics then go for it. It's a treasure of information.
Do prefer the paperback version because you will love putting annotation and highlighting some lines to keep them in mind and for further usage. I have the Kindle edition but I consider buying the paperback as well just to keep it under my arm on my desk.

Helpful

Comment

Charles Profitt

Great Book - Amazon Packaging Was Poor

June 30, 2012

Format: PaperbackVerified Purchase

First let me start off by saying that the Amazon packaging was terrible and likely the reason the book looked 'used' instead of new when I received it. In order to get better packaging you might want to order this book with other books.

-----
The author does not make the assumption that everyone reading the book will be familiar with what Open Source Software is and goes in to a little bit of detail on the subject. As a FOSS advocate I was appreciative of the effort put in to educate others on this subject.

Chapter 2:
This chapter is about getting your forensic computer setup with FOSS tools and applications. It covers setups on Linux and Windows, but with a preference towards Ubuntu (Linux) as this is what the author used and what the examples are done with.

Chapter 3:
Covers the basics of how to analyze disks. This includes covering ram slack, file slack, file systems specifics, carving and hashing. It is important to know how to handle evidence if will be needed in a court room. Failure to use hashes and load a disk as read only will likely result in evidence being questioned and potentially thrown out.

Chapter 4:
Covers Windows specific file systems artifacts

Chapter 5:
Covers Linux specific file systems artifacts

Chapter 6:
Covers OS specific file system artifacts

Chapter 7:
Covers browser artifacts for IE, Firefox, Chrome and Safari. It also covers email artifacts. I was particularly interested by the Chrome and Safari artifacts.

Chapter 8:
Deals with file analysis covering media files, documents and others. It was interesting to note that there does not appear to be any ability for Open Source tools to leverage known hashes to identify files known to law enforcement.

Chapter 9:
Automating the process -- trust me you do not want to have to do everything by hand.

Chapter 10:
Covered free, but not open source tools that are available.

Overall I found the book to have a solid mix of theory and tool use examples. It also included links to forensic images you can use to experiment with the tools. I already played with many of these images with proprietary tools a while back and look forward to exploring how open source tools work with them as well.

Solid book diminished only by the inept packaging Amazon utilized. If the book were not so good I would be returning the book.

2 people found this helpful

Helpful

Comment

Set up an Amazon Giveaway

Amazon Giveaway allows you to run promotional giveaways in order to create buzz, reward your audience, and attract new followers and customers. Learn more about Amazon Giveaway

This item: Digital Forensics with Open Source Tools

Set up a giveaway

Pages with related products. See and discover other items: integrated science, computer literacy, enterprise security, digital forensic, privacy law

Digital Forensics with Open Source Tools 1st Edition

Turn on 1-Click ordering

Turn on 1-Click ordering

Customers who viewed this item also viewed

Customers who bought this item also bought

Sponsored products related to this item (What's this?)

Editorial Reviews

Review

From the Back Cover

Product details

Related Video Shorts (0)

Be the first video

Sponsored products related to this item (What's this?)

Try the Kindle edition and experience these great reading features:

32 customer reviews

Review this product

Read reviews that mention

Showing 1-4 of 32 reviews

There was a problem filtering reviews right now. Please try again later.

Set up an Amazon Giveaway

Digital Forensics with Open Source Tools 1st Edition

Sorry, there was a problem.

Sorry, there was a problem.

Rent On clicking this link, a new layer will be open $27.20 On clicking this link, a new layer will be open

Buy used On clicking this link, a new layer will be open $28.71 On clicking this link, a new layer will be open

Turn on 1-Click ordering

Buy new On clicking this link, a new layer will be open $52.75 On clicking this link, a new layer will be open

Turn on 1-Click ordering

Customers who viewed this item also viewed

Customers who bought this item also bought

Sponsored products related to this item (What's this?)

Editorial Reviews

Review

From the Back Cover

Product details

Related Video Shorts (0)

Be the first video

Sponsored products related to this item (What's this?)

Try the Kindle edition and experience these great reading features:

32 customer reviews

Review this product

Read reviews that mention

Showing 1-4 of 32 reviews

There was a problem filtering reviews right now. Please try again later.

Set up an Amazon Giveaway

Rent On clicking this link, a new layer will be open

$27.20 On clicking this link, a new layer will be open

Buy used On clicking this link, a new layer will be open

$28.71 On clicking this link, a new layer will be open

Buy new On clicking this link, a new layer will be open

$52.75 On clicking this link, a new layer will be open