Forensic Discovery

ISBN-10: 020163497X

ISBN-13: 9780201634976

Edition: 2005

Authors: Dan Farmer, Wietse Venema

Book details

List price: $49.99
Copyright year: 2005
Publisher: Addison-Wesley Longman, Incorporated
Publication date: 12/30/2004
Binding: Paperback
Pages: 240
Size: 7.25" wide x 9.25" long x 1.00" tall
Weight: 1.430
Language: English

Dan Farmer is author of a variety of security programs and papers. He is currently chief technical officer of Elemental Security, a computer security software company. Together, he and Wietse Venema have written many of the world's leading information security and forensics packages, including the SATAN network security scanner and the Coroner's Toolkit. Wietse Venema has written some of the world's most widely used software, including TCP Wrapper and the Postfix mail system. He is currently a research staff member at IBM Research. Together, he and Dan Farmer have written many of the world's leading information security and forensics packages, including the SATAN network…

Preface
About the Authors
Basic Concepts
    The Spirit of Forensic Discovery
        Introduction
        Unusual Activity Stands Out
        The Order of Volatility (OOV)
        Layers and Illusions
        The Trustworthiness of Information
        The Fossilization of Deleted Information
        Archaeology vs. Geology
    Time Machines
        Introduction
        The First Signs of Trouble
        What's Up, MAC? An Introduction to MACtimes
        Limitations of MACtimes
        Argus: Shedding Additional Light on the Situation
        Panning for Gold: Looking for Time in Unusual Places
        DNS and Time
        Journaling File Systems and MACtimes
        The Foibles of Time
        Conclusion
Exploring System Abstractions
    File System Basics
        Introduction
        An Alphabet Soup of File Systems
        UNIX File Organization
        UNIX File Names
        UNIX Pathnames
        UNIX File Types
        A First Look Under the Hood: File System Internals
        UNIX File System Layout
        I've Got You Under My Skin: Delving into the File System
        The Twilight Zone, or Dangers Below the File System Interface
        Conclusion
    File System Analysis
        Introduction
        First Contact
        Preparing the Victim's File System for Analysis
        Capturing the Victim's File System Information
        Sending a Disk Image Across the Network
        Mounting Disk Images on an Analysis Machine
        Existing File MACtimes
        Detailed Analysis of Existing Files
        Wrapping Up the Existing File Analysis
        Intermezzo: What Happens When a File Is Deleted?
        Deleted File MACtimes
        Detailed Analysis of Deleted Files
        Exposing Out-of-Place Files by Their Inode Number
        Tracing a Deleted File Back to Its Original Location
        Tracing a Deleted File Back by Its Inode Number
        Another Lost Son Comes Back Home
        Loss of Innocence
        Conclusion
    Systems and Subversion
        Introduction
        The Standard Computer System Architecture
        The UNIX System Life Cycle, from Start-up to Shutdown
        Case Study: System Start-up Complexity
        Kernel Configuration Mechanisms
        Protecting Forensic Information with Kernel Security Levels
        Typical Process and System Status Tools
        How Process and System Status Tools Work
        Limitations of Process and System Status Tools
        Subversion with Rootkit Software
        Command-Level Subversion
        Command-Level Evasion and Detection
        Library-Level Subversion
        Kernel-Level Subversion
        Kernel Rootkit Installation
        Kernel Rootkit Operation
        Kernel Rootkit Detection and Evasion
        Conclusion
    Malware Analysis Basics
        Introduction
        The Dangers of Dynamic Program Analysis
        Program Confinement with Hard Virtual Machines
        Program Confinement with Soft Virtual Machines
        The Dangers of Confinement with Soft Virtual Machines
        Program Confinement with Jails and chroot()
        Dynamic Analysis with System-Call Monitors
        Program Confinement with System-Call Censors
        Program Confinement with System-Call Spoofing
        The Dangers of Confinement with System Calls
        Dynamic Analysis with Library-Call Monitors
        Program Confinement with Library Calls
        The Dangers of Confinement with Library Calls
        Dynamic Analysis at the Machine-Instruction Level
        Static Analysis and Reverse Engineering
        Small Programs Can Have Many Problems
        Malware Analysis Countermeasures
        Conclusion
Beyond The Abstractions
    The Persistence of Deleted File Information
        Introduction
        Examples of Deleted Information Persistence
        Measuring the Persistence of