- Paperback: 248 pages
- Publisher: Syngress; 1 edition (June 30, 2008)
- Language: English
- ISBN-10: 1597492698
- ISBN-13: 978-1597492690
- Product Dimensions: 7.5 x 0.5 x 9.5 inches
- Shipping Weight: 1.2 pounds
- Average Customer Review: 6 customer reviews
- Amazon Best Sellers Rank: #3,236,061 in Books (See Top 100 in Books)
Enter your mobile number or email address below and we'll send you a link to download the free Kindle App. Then you can start reading Kindle books on your smartphone, tablet, or computer - no Kindle device required.
To get the free app, enter your mobile phone number.
UNIX and Linux Forensic Analysis DVD Toolkit 1st Edition
Use the Amazon App to scan ISBNs and compare prices.
See the Best Books of 2017
Looking for something great to read? Browse our editors' picks for the best books of the year in fiction, nonfiction, mysteries, children's books, and much more.
About the Author
Chris Pogue has spent the past five years as part of the IBM Ethical Hacking Team. He was tasked with emulating the actions of an actual malicious attacker with the intention of assisting customers to identify and eliminate probable attack vectors. Chris has worked on over 3000 exploitation attempts for both internal IBM systems as well as third party customers. Chris is also a former US Army Warrant Officer and has worked with the Army Reserve Information Operations Command (ARIOC) on Joint Task Force (JTF) missions with the National Security Agency (NSA), Department of Homeland Security, Regional Computer Emergency Response Team-Continental United States (RCERT-CONUS), and the Joint Intelligence Center-Pacific (JICPAC). Chris attended Forensics training at Carnegie Mellon University in Pittsburgh, Pennsylvania, and holds a Master’s degree in Information Security. He is a Certified Information Systems Security Professional (CISSP) and a Certified Ethical Hacker (CEH). Chris also holds a Top Secret (TS) security clearance from the Department of Defense.
Cory Altheide is a Security Engineer at Google, focused on forensics and incident response. Prior to returning to Google, Cory was a principal consultant with MANDIANT, an information security consulting firm that works with the Fortune 500, the defense industrial base and the banks of the world to secure their networks and combat cyber-crime. In this role he responded to numerous incidents for a variety of clients. Cory has authored several papers for the computer forensics journal Digital Investigation and was a contributing author for UNIX and Linux Forensic Analysis (2008) & The Handbook Of Digital Forensics and Investigation (2010). Additionally, Cory is a recurring member of the program committee of the Digital Forensics Research Workshop (DFRWS).
Top customer reviews
There was a problem filtering reviews right now. Please try again later.
I'll break it down by chapter to make things a little more understandable. The introduction Chapter one was the standard why am I writing this and what will I cover. It seemed like that was a good start. Unfortunately things when south with Chapter 2. Introduction to UNIX: I'm sorry did I miss the UNIX in it? The focus was Ubuntu Linux. While a forensic analyst should be able to examine Linux systems, that wasn't the title of the book. UNIX was first, but UNIX was hardly mentioned. There are similarities, but not to the extent that the author makes the reader believe. At the time of my reading this book I was working on forensic analysis of a Solaris system and a CentOS system. I was able to use maybe 10 to 15 percent of the content for the Solaris system and if I was lucky 50% for the CentOS system.
Chapter 3 Live Response: Data Collection- there was no Live Response. In short there was very little about what the responder should collect and what is useless information. Much of the chapter was spent on a Log Book and various live CD/DVD Linux distributions that are available. There is a slight discussion of how to collect drive images, but even that is outdated at the time of writing. Two years prior to the writing I was collecting images from Terabyte systems.
Chapter 4 is about Initial Triage and Data Analysis- I'm sorry what? We've already collected the image? Why do we go back to triage? Why are we now just concerned with the network? I know chapters can be read in any order, but if this is for an "intro" person they will most likely do the work in order of the chapters if they do not know any better or have someone guiding them. The author gives a few examples of techniques which are good. Then an example of keyword lists and makes a point of telling the reader to develop their own. The author makes a point of saying attackers will want to look like normal activity on the network, but then gives keyword lists that are standard script kiddie tools. If the attacker is more than just a beginner they have modified the signature/look so that it doesn't match. While I am not against a keyword search, I am against the thinking that if your keyword search does not hit then you must acquit. Chapter 4 is probably the most useful chapter of the book.
Then we go to one of the most useless chapters in the book. At over fifty pages this chapter is the largest, but covers the least useful information. Discussing The Hacking Top 10 is pointless. Especially with the emphasis on tools that won't be as common. A discussion of Nmap and netcat are vital to this book, but many hackers won't take the time to install Wireshark with it's size and GUI. There are tools out there that are cmd line based and would suite an attacker more. Some of the other tools should be discussed, but not to the extent that the author does. It's almost as if the book was to short to charge $59.95 so they added pages to justify the cost.
Chapter 6 discussed the /Proc file system. One of the more useful chapters in the book. However it is one hundred percent Linux based. Again no discussion at all for the differences in UNIX and Linux.
Chapter 7 discussed file analysis. Again a very useful chapter, but lacking in depth. A minuscule thirteen pages there should be so much more discussed.
Chapter 8 was the second most useless chapter in the book. Fortunately it was only a waste of ten pages of the book. Discussing anti-virus instead of what the chapter Title promises "Malware", it really was let down on possible interest. While the title of Chapter 5 did not lead anyone on, Chapter 8 was definite tease. The discussion was a vague conversation about the direction of malware in the Linux environment (notice again not discussing UNIX) and then into different anti-virus systems that are available. I have never installed an AV to do forensics and it would seem to me to not be reliable if the signature has changed slightly anyway.
In discussing this book the Appendix is noteworthy. It gives a high-level overview of setting up Cybercrime detection, but it is only vaguely related to the topic as there is much discussion on networks and Windows systems.
While there is a requirement for a UNIX forensics book this book does not meet that requirement. It is useful for Linux analysis if that is all you are working on, but this will not apply much to the more UNIX platforms of the *nix systems. While I applaud the authors attempt, it seems as if editing may have taken the liberty to force this book into a broader market than was the original intention.
The few moments where the authors approach a meaningful forensic topic, the reader is redirected to an online resource rather than provided an analysis or explanation within the book.
The book title may lead readers to believe that an accompanying DVD contains a Unix forensic toolkit of some kind. In fact, there is only 1.8 MB of documents and no tools save for a few (4) short Bash scripts that hardly cover a thorough forensics examination: live or otherwise. One of the scripts is only one line. One of these documents is an incomplete 3.5 page summary of Sleuthkit tools. By "incomplete" I mean that it is apparent that the author decided to quit writing. Apparently there was no room in this 236 page, 14-gauge font book to cover in any detail the different Unix filesystems, data acquisition, data carving or static filesystem analysis. But the authors make plenty of room to discuss scanning with Unix tools (nmap, nessus, etc.).
There is a section entitled "Malware" except that no malware sample is actually examined. The reader is briefly introduced to Panda's AV scanner and is walked through how to use ClamAV as if that is the only AV scanner available for either a Unix user or Forensic Examiner. Forensic Examiners should pay very close attention to AntiVirus product comparative reviews.
The book cover boasts that this is the "only digital forensic analysis book for *nix". Indeed there may be little in the way of books solely dedicated to Unix forensics but other books cover Unix forensics with greater detail than this one. For example, Brian Carrier's "Filesystem Forensic Analysis" or Jones, Bejtlich and Rose's "Real Digital Forensics".
The book cover also boasts that readers can "Hit the ground running" with the information within. Unfortunately, if readers expect the content to help them bridge a gap between Windows and Unix, they will hit the ground with a resounding thud. If any Forensics Examiner finds value in the content of this book for actual Unix forensic investigations, I would question that examiner's experience and training.
If the authors wanted to write a book about cool Linux tools or network scanning, they should have entitled the book differently. Perhaps "A Beginner's Guide to Using Linux and Linux Security Applications".
I felt the title was misleading and false advertising. The authors take advantage of the word "Forensics" to sell a book that is not about forensics. For $53.95 I expected much more and was extremely disappointed and disgusted at the inferiority of the content.
If you already know unix or linux, but are not familiar with tools like Nessus, nmap, wireshark, tcpdump, netcat, etc... just go directly to [...], where you can find the compilied list of the top 100 security tools from the nmap-hackers mailing list.
What a waste of time and money.