Product Description
This book addresses topics in the area of forensic analysis of systems running on variants of the UNIX operating system, which is the choice of hackers for their attack platforms. According to a 2007 IDC report, UNIX servers account for the second-largest segment of spending (behind Windows) in the worldwide server market with $4.2 billion in 2Q07, representing 31.7% of corporate server spending. UNIX systems have not been analyzed to any significant depth largely d… More >>
UNIX and Linux Forensic Analysis DVD Toolkit
The authors initiate a very interesting subject, with very easy informative style of delivery. Looking forward of going through more advanced material by the authors with such valuable information.
Rating: 5 / 5
The first few chapters leads the reader gently into appreciating the differences between Windows and *nix based nomenclature. There are a number of practical tools covered which would assist any Windows investigator to perform post forensic analysis. The tools needed to get the job done on *nix boxes are covered more than adequately. Chapter 4 introduces the reader to some practical advice on triage and live data analysis, there are some useful practical exercises using search techniques and the author shares his experience offering some good practical advice on narrowing the search to relevant areas of investigation. Chapter 5 provides some of the best examples I have seen of the “top 10 hacking” tools covered. This should inspire any reader to appreciate how best to investigate against such “tools”. This chapter inspires the reader to conduct their own research in a laboratory environment with just enough of a sweetener provided in the examples to encourage them to do so. Chapter 6 takes the reader on an insightful tour of the /proc filesystem highlighting some of the key areas an investigator needs to know in terms of live analysis and key areas for volatile data capture. There’s small additional section on the sysfs which covers additional areas of interest relevant to the investigator. Included in this chapter is an insightful walkthru of an investigation further re-enforcing the ideas presented by the author. Chapter 7 guides the reader through the filesystem, highlighting key areas such as configuration files. The author also provides the reader with some inventive techniques for investigation. Although a short chapter it concisely provides enough detail to assist the reader in their investigations. Chapter 8 contains detailed instructions on the use and installation of anti-virus/malware software with a good overview provided by the author of Linux file permissions/security. The final appendix is a worthy addition providing a good overview of auditing and logging not just on *nix but includes, Windows, firewalls, router, IDS and IPS systems. It provides a complementary addition to the literature.
Summary.
The author has sought to introduce the reader to a very wide subject area, which considering the diversity of Unices is a brave and audacious move. It is quite amazing how much the author has managed to cover and condense into only 8 chapters and an appendix. The authors clearly have a vast amount of forensic experience especially with regard to incident response, providing practical and sound advice to the reader. There are a number of other sources hinted at by the authors which shows thorough research benefiting this literature and ultimately the reader. This book provides the reader with a perfect introduction to UNIX and Linux Forensic Analysis, additional it should also benefit forensic investigators from the Windows centric world in grasping some of the power available with Linux and Open Source tools. This should allow the reader to complement their own arsenal of investigation tools and techniques with a complementary set of Linux forensic CDs and methodology. This is a book I would heartily recommend to experienced computer forensic examiners and those starting out. Especially to those investigators more used to the Windows environment. The book is clearly an introduction and hints at more to come. I very much look forward to reading more material from the authors covering more advanced topics in their next book. The final paragraph of the synopsis clearly says it all.
Rating: 5 / 5
I don’t often write reviews, but after reading this book, I decided to write one. Not because this book was excellent, but because I was quite disappointed. I am not an expert in *nix security by any means; however, this book is exteremly basic. The target audience for this book is someone who has little or no knowledge in linux or unix internals and security.
If you already know unix or linux, but are not familiar with tools like Nessus, nmap, wireshark, tcpdump, netcat, etc… just go directly to [...], where you can find the compilied list of the top 100 security tools from the nmap-hackers mailing list.
What a waste of time and money.
Rating: 1 / 5
The title may mislead readers to believe that this book discusses actual forensics of Unix and Linux systems. It does not. The authors waste precious pages in this short book discussing their favorite cool Linux apps like Nessus and Metasploit but don’t have any meaningful discussion about the various flavors of Unix: AIX, Solaris, *BSD, etc. Their “Unix and Linux” forensic book is almost entirely about Linux. There is no thoughtful discussion about filesystem forensics; no technical detail helpful to Forensic Examiners.
The few moments where the authors approach a meaningful forensic topic, the reader is redirected to an online resource rather than provided an analysis or explanation within the book.
The book title may lead readers to believe that an accompanying DVD contains a Unix forensic toolkit of some kind. In fact, there is only 1.8 MB of documents and no tools save for a few (4) short Bash scripts that hardly cover a thorough forensics examination: live or otherwise. One of the scripts is only one line. One of these documents is an incomplete 3.5 page summary of Sleuthkit tools. By “incomplete” I mean that it is apparent that the author decided to quit writing. Apparently there was no room in this 236 page, 14-gauge font book to cover in any detail the different Unix filesystems, data acquisition, data carving or static filesystem analysis. But the authors make plenty of room to discuss scanning with Unix tools (nmap, nessus, etc.).
There is a section entitled “Malware” except that no malware sample is actually examined. The reader is briefly introduced to Panda’s AV scanner and is walked through how to use ClamAV as if that is the only AV scanner available for either a Unix user or Forensic Examiner. Forensic Examiners should pay very close attention to AntiVirus product comparative reviews.
The book cover boasts that this is the “only digital forensic analysis book for *nix”. Indeed there may be little in the way of books solely dedicated to Unix forensics but other books cover Unix forensics with greater detail than this one. For example, Brian Carrier’s “Filesystem Forensic Analysis” or Jones, Bejtlich and Rose’s “Real Digital Forensics”.
The book cover also boasts that readers can “Hit the ground running” with the information within. Unfortunately, if readers expect the content to help them bridge a gap between Windows and Unix, they will hit the ground with a resounding thud. If any Forensics Examiner finds value in the content of this book for actual Unix forensic investigations, I would question that examiner’s experience and training.
If the authors wanted to write a book about cool Linux tools or network scanning, they should have entitled the book differently. Perhaps “A Beginner’s Guide to Using Linux and Linux Security Applications”.
I felt the title was misleading and false advertising. The authors take advantage of the word “Forensics” to sell a book that is not about forensics. For $53.95 I expected much more and was extremely disappointed and disgusted at the inferiority of the content.
Rating: 1 / 5