Real Digital Forensics Computer Security and Incident Response

ISBN-10: 0321240693

ISBN-13: 9780321240699

Edition: 2006

Authors: Keith Jones, Richard Bejtlich, Curtis Rose

List price: $84.99

Description:

This book and DVD set provides a practical hands-on approach to solving problems encountered when performing computer-related investigations.
Book details

Copyright year: 2006
Publisher: Addison Wesley Professional
Publication date: 9/23/2005
Binding: Mixed Media
Pages: 688
Size: 6.90" wide x 9.20" long x 1.40" tall
Weight: 2.244
Language: English

Curtis Rose is a Bible teacher and author. He is currently a member of Creekside Bible Church in Castle Rock, Colorado. His true claim to fame is his wife of 36 years, Jeane, and their three children and ten grandchildren. His passion is to explore the Bible, and then to explain it and exhort others to follow it. This is especially true in the area of Christian character.

Preface
Acknowledgments
About the Authors
Case Studies
Live Incident Response
Windows Live Response
Analyzing Volatile Data
The System Date and Time
Current Network Connections
Open TCP or UDP Ports
Executables Opening TCP or UDP Ports
Cached NetBIOS Name Tables
Users Currently Logged On
The Internal Routing Table
Running Processes
Running Services
Scheduled Jobs
Open Files
Process Memory Dumps
Full System Memory Dumps
Analyzing Nonvolatile Data
System Version and Patch Level
File System Time and Date Stamps
Registry Data
The Auditing Policy
A History of Logins
System Event Logs
User Accounts
IIS Logs
Suspicious Files
Putting It All Together
Unix Live Response
Analyzing Volatile Data
The System Date and Time
Current Network Connections
Open TCP or UDP Ports
Executables Opening TCP or UDP Ports
Running Processes
Open Files
The Internal Routing Table
Loaded Kernel Modules
Mounted File Systems
Analyzing Nonvolatile Data
System Version and Patch Level
File System Time and Date Stamps
File System MD5 Checksum Values
Users Currently Logged On
A History of Logins
Syslog Logs
User Accounts
User History Files
Suspicious Files
Putting It All Together
Network-Based Forensics
Collecting Network-Based Evidence
Full Content Data
Session Data
Alert Data
Statistical Data
Putting NBE to Work
A Standard Intrusion Scenario
Using Full Content Data
Using Session Data
Using Alert Data
Using Statistical Data
Data Collection
Accessing the Wire
Collecting and Storing Traffic
Full Content Data Tools
Session Data Tools
Alert Data Tools
Statistical Data Tools
Putting It All Together
Analyzing Network-Based Evidence for a Windows Intrusion
Statistical Data: First Trace
Alert Data: First Trace
Session Data: First Trace
Full Content Data: First Trace
Statistical Data: Second Trace
Alert Data: Second Trace
Session Data: Second Trace
Full Content Data: Second Trace
Putting It All Together
Analyzing Network-Based Evidence for a Unix Intrusion
Statistical Data
Alert Data
Session Data
Full Content Data
Putting It All Together
Acquiring a Forensic Duplication
Before You Jump Right In...
Preparing for a Forensic Duplication
Document, Document, Document!
Commercial-Based Forensic Duplications
The Read-Only IDE-to-Firewire Device
Acquiring a Forensic Duplication with EnCase
Acquiring a Forensic Duplication with FTK
Noncommercial-Based Forensic Duplications
DD
Creating an Evidence File
Creating an Evidence Hard Drive
DD Rescue
DCFLDD
NED-The Open Source Network Evidence Duplicator
Forensic Analysis Techniques
Common Forensic Analysis Techniques
Recovering Deleted Files
Open Source Solutions
Commercial Solutions
Production of Time Stamps and Other Metadata for Files
Open Source Solutions
Commercial Solutions
Removing Known Files
Open Source Solutions
Commercial Solutions
File Signatures and Electronic Discovery
Open Source Solutions
Commercial Solutions
String Searching and File Fragments
Open Source Solutions
Commercial Solutions
Web Browsing Activity Reconstruction
Commercial Forensic Tools
Open Source Solutions
Pasco-An Open Source Web Browsing Investigation Tool
Galleta-An Open Source IE Cookie Investigation Tool
Putting It All Together
E-Mail Activity Reconstruction
Commercial Forensic Tools
Open Source Solutions
Outlook Express
Microsoft Windows Registry Reconstruction
Identifying Installed Programs
Identifying "Most Recently Used" Documents
Forensic Tool Analysis: An Introduction to Using Linux for Analyzing Files of Unknown Origin
Case Background
A Hands-On Introduction to Forensic Tool Analysis: Hello World!
Static Analysis of Hello
Dynamic Analysis of Hello
Putting It All Together
Forensic Tool Analysis: A Hands-On Analysis of the Linux File aio
Static Analysis of aio
md5sum
ls -al
file
strings
Hexadecimal Viewer
nm
ldd
readelf
objdump
Dynamic Analysis of aio
System Call Trace (strace)
GNU Debugger
Recovering the Uncompressed aio Binary
Recovery by Identifying the Packer That Was Used
Static Analysis of the Recovered Uncompressed Binary
Dynamic Analysis of the Recovered Uncompressed Binary
md5sum
Putting It All Together
Forensic Tool Analysis: Analyzing Files of Unknown Origin (Windows)
Case Background
A Hands-On Introduction to Forensic Tool Analysis: Hello World!
Static Analysis of hello.exe
Dynamic Analysis of hello.exe
Summary of hello.exe
A Hands-On Forensic Tool Analysis: sak.exe
Static Analysis of sak.exe
Dynamic Analysis of sak.exe
Putting It All Together
Creating a Complete Forensic Tool Kit
Building the Ultimate Response CD
Preparing the Windows Live Response Tools
Preparing the Unix Live Response Tools
Forensic Duplication Tools
DCFLDD
NED
Making Your CD-ROM a Bootable Environment
Knoppix-A Linux Distribution on a CD-ROM
The Knoppix CD-ROM
Mobile Device Forensics
Forensic Duplication and Analysis of Personal Digital Assistants
Case Background
Forensic Acquisition Utilizing EnCase
Initial Setup
EnCase
Forensic Acquisition Utilizing Paraben's PDA Seizure
Forensic Acquisition Utilizing Palm Debugger
Forensic Analysis of the Palm IIIc
Forensic Analysis of the HP iPAQ Pocket PC 2003
Forensic Analysis of the Palm m505
Putting It All Together
Forensic Duplication of USB and Compact Flash Memory Devices
Duplicating USB Devices
Duplicating Compact Flash Cards
Forensic Analysis of USB and Compact Flash Memory Devices
USB Memory Devices
Open Source Solutions
Commercial Solutions
Compact Flash Cards
Open Source Solutions
Commercial Solutions
Online-Based Forensics
Tracing E-Mail
Hotmail
Yahoo!
Netscape
Other E-Mail Services
Anonymous Remailers
Domain Name Ownership
Importing the TLD Zone Files into Postgres
Translating FQDNs to IP Addresses
Searching for Domains
Searching for DNSs
An Introduction to Perl
Reading Input
Matching Text
Regular Expressions
Formatting Output
Processing Live IR Data Collected
The Date Problem with Microsoft Excel
Index