Title: Practical Linux Forensics: A Guide for Digital Investigators (Final)
Author: Bruce Nikkel
Publisher: No Starch Press, Inc.
Year: 2022
Pages: 403
Language: English
Format: True (PDF, EPUB)
Size: 22.5 MB
Practical Linux Forensics dives into the technical details of analyzing postmortem forensic images of Linux systems that have been misused, abused, or the target of malicious attacks. This essential practitioner’s guide will show you how to locate and interpret digital evidence found on Linux desktops, servers, and IoT devices, draw logical conclusions, and reconstruct timelines of past activity after a crime or security incident. It's a book written for investigators with varying levels of Linux experience, and the techniques shown are independent of the forensic analysis platform and tools used.
Early chapters provide an overview of digital forensics as well as an introduction to the Linux operating system and popular distributions. From there, the book describes the analysis of storage, filesystems, files and directories, installed software packages, and logs. Special focus is given to examining human user activity such as logins, desktop environments and artifacts, home directories, regional settings, and peripheral devices used.
You’ll learn how to:
- Analyze partition tables, volume management, Linux filesystems, and directory layout
- Reconstruct the Linux startup process, from system boot and kernel initialization, to systemd unit files leading up to a graphical login
- Perform historical analysis of power, temperature, and physical environment, and find evidence of sleep, hibernation, shutdowns, reboots, and crashes
- Analyze network configuration, including interfaces, addresses, network managers, DNS, wireless artifacts, VPNs, firewalls, and proxy settings
- Perform analysis of time and locale settings, internationalization (language and keyboard settings), and Linux geolocation services
- Reconstruct user login sessions, analyze desktop artifacts, and identify traces of attached peripheral devices, including disks, printers, and mobile devices
Target Audience and Prerequisites: I wrote this book with a specific audience in mind. It is primarily aimed at digital forensics practitioners who are experienced at performing Windows, Mac, and mobile forensics and want more knowledge in the area of Linux. Forensic examiners need to know basic Linux concepts, where to find forensic artifacts, and how to interpret evidence collected. This does not mean examiners must know how to use Linux (though it can help); they need to know only what to look for and how to draw conclusions from the evidence found.
Who Should Read This Book? This book will directly benefit people working in private- and public-sector digital forensics labs who are responsible for conducting forensic examinations of computer systems, including Linux. The book specifically targets the growing number of forensic practitioners from incident response teams; computer forensic investigators within large organizations; forensic and e-discovery technicians from legal, audit, and consulting firms; and traditional forensic practitioners from law enforcement agencies. Although this book is intended primarily for experienced digital forensic investigators wanting to advance their Linux knowledge, it will benefit other groups of people, as well.
Experienced Unix and Linux administrators who want to learn digital forensic analysis and investigative techniques will also benefit from this book. This could be system administrators wanting to transition into the field of digital forensics or to leverage digital forensic methods to improve their troubleshooting skills. Security professionals will also find this book useful. Information security risks associated with a default Linux installation may need to be assessed, resulting in security-driven changes. This may include reducing the amount of information stored on a system for confidentiality reasons. Conversely, forensic readiness requirements may result in increasing the amount of information logged or saved on a system.
BRIEF CONTENTS
Introduction
Chapter 1: Digital Forensics Overview
Chapter 2: Linux Overview
Chapter 3: Evidence from Storage Devices and Filesystems
Chapter 4: Directory Layout and Forensic Analysis of Linux Files
Chapter 5: Investigating Evidence from Linux Logs
Chapter 6: Reconstructing System Boot and Initialization
Chapter 7: Examination of Installed Software Packages
Chapter 8: Identifying Network Configuration Artifacts
Chapter 9: Forensic Analysis of Time and Location
Chapter 10: Reconstructing User Desktops and Login Activity
Chapter 11: Forensic Traces of Attached Peripheral Devices
Afterword
Appendix: File/Directory List for Digital Investigators
Index