Items related to Linux Forensics
Synopsis
Linux Forensics is the most comprehensive and up-to-date resource for those wishing to quickly and efficiently perform forensics on Linux systems. It is also a great asset for anyone that would like to better understand Linux internals.
Linux Forensics will guide you step by step through the process of investigating a computer running Linux. Everything you need to know from the moment you receive the call from someone who thinks they have been attacked until the final report is written is covered in this book. All of the tools discussed in this book are free and most are also open source.
Dr. Philip Polstra shows how to leverage numerous tools such as Python, shell scripting, and MySQL to quickly, easily, and accurately analyze Linux systems. While readers will have a strong grasp of Python and shell scripting by the time they complete this book, no prior knowledge of either of these scripting languages is assumed. Linux Forensics begins by showing you how to determine if there was an incident with minimally invasive techniques. Once it appears likely that an incident has occurred, Dr. Polstra shows you how to collect data from a live system before shutting it down for the creation of filesystem images.
Linux Forensics contains extensive coverage of Linux ext2, ext3, and ext4 filesystems. A large collection of Python and shell scripts for creating, mounting, and analyzing filesystem images are presented in this book. Dr. Polstra introduces readers to the exciting new field of memory analysis using the Volatility framework. Discussions of advanced attacks and malware analysis round out the book.
Book Highlights
- 370 pages in large, easy-to-read 8.5 x 11 inch format
- Over 9000 lines of Python scripts with explanations
- Over 800 lines of shell scripts with explanations
- A 102 page chapter containing up-to-date information on the ext4 filesystem
- Two scenarios described in detail with images available from the book website
- All scripts and other support files are available from the book website
Chapter Contents
- First Steps
- General Principles
- Phases of Investigation
- High-level Process
- Building a Toolkit
- Determining If There Was an Incident
- Opening a Case
- Talking to Users
- Documenation
- Mounting Known-good Binaries
- Minimizing Disturbance to the Subject
- Automation With Scripting
- Live Analysis
- Getting Metadata
- Using Spreadsheets
- Getting Command Histories
- Getting Logs
- Using Hashes
- Dumping RAM
- Creating Images
- Shutting Down the System
- Image Formats
- DD
- DCFLDD
- Write Blocking
- Imaging Virtual Machines
- Imaging Physical Drives
- Mounting Images
- Master Boot Record Based Partions
- GUID Partition Tables
- Mounting Partitions In Linux
- Automating With Python
- Analyzing Mounted Images
- Getting Timestamps
- Using LibreOffice
- Using MySQL
- Creating Timelines
- Extended Filesystems
- Basics
- Superblocks
- Features
- Using Python
- Finding Things That Are Out Of Place
- Inodes
- Journaling
- Memory Analysis
- Volatility
- Creating Profiles
- Linux Commands
- Dealing With More Advanced Attackers
- Malware
- Is It Malware?
- Malware Analysis Tools
- Static Analysis
- Dynamic Analysis
- Obfuscation
- The Road Ahead
- Learning More
- Communities
- Conferences
- Certifications
"synopsis" may belong to another edition of this title.
About the Author
Dr. Philip Polstra (known to his friends as Dr. Phil) is an internationally recognized hardware hacker. His work has been presented at numerous conferences around the globe including repeat performances at DEFCON (six presentations in four years), BlackHat, 44CON, GrrCON, MakerFaire, ForenSecure, and other top conferences. Dr. Polstra is a well-known expert on USB forensics and has published several articles on this topic. He has developed a number of video courses including ones on Linux forensics, USB forensics, and reverse engineering.
Dr. Polstra has developed degree programs in digital forensics and ethical hacking while serving as a professor and Hacker in Residence at a private university in the Midwestern United States. He currently teaches in one of the top Digital Forensics degree programs in the United States at Bloomsburg University of Pennsylvania. In addition to teaching, he provides training and performs penetration tests on a consulting basis. When not working, he has been known to fly, build aircraft, and tinker with electronics. He is an accomplished aviator with thousands of hours of flight time and a dozen ratings as a pilot, flight instructor, mechanic, aircraft inspector, and avionics specialist. His latest happenings can be found on his website http://philpolstra.com. You can also follow him at @ppolstra on Twitter.
Dr. Polstra authored Hacking and Penetration Testing with Low Power Devices (Syngress, 2014) in which he showed the world how to easily build drop boxes, hacking consoles, and remote hacking drones with the BeagleBone Black and similar devices. In the course of creating these devices he developed his own Linux, Deck Linux, which is optimized for security testing with ARM-based devices. Techniques described in this book permit security penetration tests to be performed with multiple, possibly battery powered, devices which are controlled by a user up to two miles away from the target organization.
His latest book, Linux Forensics (Pentester Academy, 2015), is the most comprehensive and up-to-date resource available to anyone wishing to perform forensics on Linux systems. The first printing of this book sold out in under twenty five hours. This book is considered a must have by a number of forensic investigators around the world.
"About this title" may belong to another edition of this title.
- PublisherCreateSpace Independent Publishing Platform
- Publication date2015
- ISBN 10 1515037630
- ISBN 13 9781515037637
- BindingPaperback
- LanguageEnglish
- Edition number1
- Number of pages370
Buy New
View this item
£ 39.14
£ 7.45 shipping from U.S.A. to United Kingdom
Destination, rates & speedsSearch results for Linux Forensics
Stock Image
Linux Forensics
Published by
CreateSpace Independent Publishing Platform (edition ), 2015
ISBN 10: 1515037630
ISBN 13: 9781515037637
Used
Paperback
Seller: BooksRun, Philadelphia, PA, U.S.A.
Seller rating 5 out of 5 stars
Paperback. Condition: Very Good. Ship within 24hrs. Satisfaction 100% guaranteed. APO/FPO addresses supported. Seller Inventory # 1515037630-8-1-42
Quantity: 2 available
Stock Image
Linux Forensics
Published by
CreateSpace Independent Publishing Platform, 2015
ISBN 10: 1515037630
ISBN 13: 9781515037637
Used
Softcover
First Edition
Seller: Better World Books: West, Reno, NV, U.S.A.
Seller rating 5 out of 5 stars
Condition: As New. 1st Edition. Used book that is in almost brand-new condition. Seller Inventory # 21363108-75
Quantity: 1 available
Seller Image
Linux Forensics
Published by
CreateSpace Independent Publishing Platform, 2015
ISBN 10: 1515037630
ISBN 13: 9781515037637
Used
Soft cover
Seller: Hanselled Books, Burntisland, FIFE, United Kingdom
Seller rating 5 out of 5 stars
Soft cover. Condition: Very Good. P/b 345 pages, condition is very good. Linux Forensics is the most comprehensive and up-to-date resource for those wishing to quickly and efficiently perform forensics on Linux systems. It is also a great asset for anyone that would like to better understand Linux internals. Linux Forensics will guide you step by step through the process of investigating a computer running Linux. Everything you need to know from the moment you receive the call from someone who thinks they have been attacked until the final report is written is covered in this book. All of the tools discussed in this book are free and most are also open source. Seller Inventory # 63799
Quantity: 1 available
Stock Image
Linux Forensics
Published by
CreateSpace Independent Publishing Platform, 2015
ISBN 10: 1515037630
ISBN 13: 9781515037637
Used
Softcover
Seller: SecondSale, Montgomery, IL, U.S.A.
Seller rating 5 out of 5 stars
Condition: Good. Item in good condition. Textbooks may not include supplemental items i.e. CDs, access codes etc. Seller Inventory # 00080742545
Quantity: 1 available
Stock Image
Linux Forensics
Published by
CreateSpace Independent Publishing Platform, 2015
ISBN 10: 1515037630
ISBN 13: 9781515037637
New
Softcover
Seller: California Books, Miami, FL, U.S.A.
Seller rating 5 out of 5 stars
Condition: New. Print on Demand. Seller Inventory # I-9781515037637
Quantity: Over 20 available
Seller Image
Linux Forensics
Published by
CreateSpace Independent Publishing Platform, 2015
ISBN 10: 1515037630
ISBN 13: 9781515037637
New
Softcover
Seller: GreatBookPricesUK, Woodford Green, United Kingdom
Seller rating 5 out of 5 stars
Condition: New. Seller Inventory # 24575289-n
Quantity: Over 20 available
Seller Image
Linux Forensics
Published by
CreateSpace Independent Publishing Platform, 2015
ISBN 10: 1515037630
ISBN 13: 9781515037637
Used
Softcover
Seller: GreatBookPricesUK, Woodford Green, United Kingdom
Seller rating 5 out of 5 stars
Condition: As New. Unread book in perfect condition. Seller Inventory # 24575289
Quantity: Over 20 available
Stock Image
Linux Forensics (Paperback)
Published by
Createspace Independent Publishing Platform, 2015
ISBN 10: 1515037630
ISBN 13: 9781515037637
New
Paperback
Seller: CitiRetail, Stevenage, United Kingdom
Seller rating 5 out of 5 stars
Paperback. Condition: new. Paperback. Linux Forensics is the most comprehensive and up-to-date resource for those wishing to quickly and efficiently perform forensics on Linux systems. It is also a great asset for anyone that would like to better understand Linux internals. Linux Forensics will guide you step by step through the process of investigating a computer running Linux. Everything you need to know from the moment you receive the call from someone who thinks they have been attacked until the final report is written is covered in this book. All of the tools discussed in this book are free and most are also open source. Dr. Philip Polstra shows how to leverage numerous tools such as Python, shell scripting, and MySQL to quickly, easily, and accurately analyze Linux systems. While readers will have a strong grasp of Python and shell scripting by the time they complete this book, no prior knowledge of either of these scripting languages is assumed. Linux Forensics begins by showing you how to determine if there was an incident with minimally invasive techniques. Once it appears likely that an incident has occurred, Dr. Polstra shows you how to collect data from a live system before shutting it down for the creation of filesystem images. Linux Forensics contains extensive coverage of Linux ext2, ext3, and ext4 filesystems. A large collection of Python and shell scripts for creating, mounting, and analyzing filesystem images are presented in this book. Dr. Polstra introduces readers to the exciting new field of memory analysis using the Volatility framework. Discussions of advanced attacks and malware analysis round out the book. Book Highlights 370 pages in large, easy-to-read 8.5 x 11 inch formatOver 9000 lines of Python scripts with explanationsOver 800 lines of shell scripts with explanationsA 102 page chapter containing up-to-date information on the ext4 filesystemTwo scenarios described in detail with images available from the book websiteAll scripts and other support files are available from the book website Chapter Contents First Steps General PrinciplesPhases of InvestigationHigh-level ProcessBuilding a ToolkitDetermining If There Was an IncidentOpening a CaseTalking to UsersDocumenationMounting Known-good BinariesMinimizing Disturbance to the SubjectAutomation With ScriptingLive AnalysisGetting MetadataUsing SpreadsheetsGetting Command HistoriesGetting LogsUsing HashesDumping RAMCreating ImagesShutting Down the SystemImage FormatsDDDCFLDDWrite BlockingImaging Virtual MachinesImaging Physical DrivesMounting ImagesMaster Boot Record Based PartionsGUID Partition TablesMounting Partitions In LinuxAutomating With PythonAnalyzing Mounted ImagesGetting TimestampsUsing LibreOfficeUsing MySQLCreating TimelinesExtended FilesystemsBasicsSuperblocksFeaturesUsing PythonFinding Things That Are Out Of PlaceInodesJournalingMemory AnalysisVolatilityCreating ProfilesLinux CommandsDealing With More Advanced AttackersMalwareIs It Malware?Malware Analysis ToolsStatic AnalysisDynamic AnalysisObfuscationThe Road AheadLearning MoreCommunitiesConferencesCertifications Shipping may be from our UK warehouse or from our Australian or US warehouses, depending on stock availability. Seller Inventory # 9781515037637
Quantity: 1 available
Stock Image
Linux Forensics
Published by
Createspace Independent Publishing Platform, 2015
ISBN 10: 1515037630
ISBN 13: 9781515037637
New
Paperback / softback
Seller: THE SAINT BOOKSTORE, Southport, United Kingdom
Seller rating 5 out of 5 stars
Paperback / softback. Condition: New. This item is printed on demand. New copy - Usually dispatched within 5-9 working days 857. Seller Inventory # C9781515037637
Quantity: Over 20 available
Seller Image
Linux Forensics
Published by
CreateSpace Independent Publishing Platform, 2015
ISBN 10: 1515037630
ISBN 13: 9781515037637
New
Softcover
Seller: GreatBookPrices, Columbia, MD, U.S.A.
Seller rating 5 out of 5 stars
Condition: New. Seller Inventory # 24575289-n
Quantity: Over 20 available