Practical Linux Forensics: A Guide for Digital Investigators 303146
Код товару: 303146Паперова книга
-
ISBN978-1718501966
-
Бренд
-
Автор
-
Рік2021
-
МоваАнглійська
-
ІлюстраціїЧорно-білі
A resource to help forensic investigators locate, analyze, and understand digital evidence found on modern Linux systems after a crime, security incident or cyber attack.
Practical Linux Forensics dives into the technical details of analyzing postmortem forensic images of Linux systems which have been misused, abused, or the target of malicious attacks. It helps forensic investigators locate and analyze digital evidence found on Linux desktops, servers, and IoT devices. Throughout the book, you learn how to identify digital artifacts which may be of interest to an investigation, draw logical conclusions, and reconstruct past activity from incidents. You’ll learn how Linux works from a digital forensics and investigation perspective, and how to interpret evidence from Linux environments. The techniques shown are intended to be independent of the forensic analysis platforms and tools used.
Learn how to:
- Extract evidence from storage devices and analyze partition tables, volume managers, popular Linux filesystems (Ext4, Btrfs, and Xfs), and encryption
- Investigate evidence from Linux logs, including traditional syslog, the systemd journal, kernel and audit logs, and logs from daemons and applications
- Reconstruct the Linux startup process, from boot loaders (UEFI and Grub) and kernel initialization, to systemd unit files and targets leading up to a graphical login
- Perform analysis of power, temperature, and the physical environment of a Linux machine, and find evidence of sleep, hibernation, shutdowns, reboots, and crashes
- Examine installed software, including distro installers, package formats, and package management systems from Debian, Fedora, SUSE, Arch, and other distros
- Perform analysis of time and Locale settings, internationalization including language and keyboard settings, and geolocation on a Linux system
- Reconstruct user login sessions (shell, X11 and Wayland), desktops (Gnome, KDE, and others) and analyze keyrings, wallets, trash cans, clipboards, thumbnails, recent files and other desktop artifacts
- Analyze network configuration, including interfaces, addresses, network managers, DNS, wireless artifacts (Wi-Fi, Bluetooth, WWAN), VPNs (including WireGuard), firewalls, and proxy settings
- Identify traces of attached peripheral devices (PCI, USB, Thunderbolt, Bluetooth) including external storage, cameras, and mobiles, and reconstruct printing and scanning activity
About the Author
Bruce Nikkel is a professor at the Bern University of Applied Sciences in Switzerland, specializing in digital forensics and cybercrime. He is co-head of the university’s research institute for cybersecurity and engineering, and director of the Masters program in Digital Forensics and Cyber Investigation. In addition to his academic work, he has worked in risk and security departments at a global financial institution since 1997. He headed the bank's Cybercrime Intelligence & Forensic Investigation team for more than 15 years and currently works as an advisor. Bruce holds a PhD in network forensics, is the author of Practical Forensic Imaging (No Starch Press, 2016), and is an editor with Forensic Science International’s Digital Investigation journal. He has been a Unix and Linux enthusiast since the 1990s.
750 ₴
Купити
Monobank
от 84 ₴ / міс.
до 10 платежей
Покупка частинами Monobank
₴ / місяць
Для використання функції «Покупка частинами» необхідно мати картку Monobank.
Розділивши оплату на певну кількість платежів (від 3 до 10),
ви платите лише одну частину. Решта – раз на місяць списуватиметься з вашої карти.
Послуга може бути використана при замовлення на суму від 600 грн.
Увага! При покупці частинами знижки на товари не враховуються.
Щоб скористатися цією функцією, додайте в кошик товарів на суму від 600 грн.
На сторінці оформлення замовлення вкажіть спосіб оплати «Покупка частинами Monobank». Підтвердьте покупку у програмі Monobank.
-
Нова ПоштаБезкоштовно від
3'000,00 ₴ -
УкрпоштаБезкоштовно від
1'000,00 ₴ -
Meest ПоштаБезкоштовно від
3'000,00 ₴
Інші книги No Starch Press
259260
Характеристики
- Бренд
- Автор
- КатегоріяПрограмування
- Рік2021
- Сторінок400
- Формат165х235 мм
- ОбкладинкаМ'яка
- Тип паперуОфсетний
- МоваАнглійська
- ІлюстраціїЧорно-білі
Від видавця
A resource to help forensic investigators locate, analyze, and understand digital evidence found on modern Linux systems after a crime, security incident or cyber attack.
Practical Linux Forensics dives into the technical details of analyzing postmortem forensic images of Linux systems which have been misused, abused, or the target of malicious attacks. It helps forensic investigators locate and analyze digital evidence found on Linux desktops, servers, and IoT devices. Throughout the book, you learn how to identify digital artifacts which may be of interest to an investigation, draw logical conclusions, and reconstruct past activity from incidents. You’ll learn how Linux works from a digital forensics and investigation perspective, and how to interpret evidence from Linux environments. The techniques shown are intended to be independent of the forensic analysis platforms and tools used.
Learn how to:
- Extract evidence from storage devices and analyze partition tables, volume managers, popular Linux filesystems (Ext4, Btrfs, and Xfs), and encryption
- Investigate evidence from Linux logs, including traditional syslog, the systemd journal, kernel and audit logs, and logs from daemons and applications
- Reconstruct the Linux startup process, from boot loaders (UEFI and Grub) and kernel initialization, to systemd unit files and targets leading up to a graphical login
- Perform analysis of power, temperature, and the physical environment of a Linux machine, and find evidence of sleep, hibernation, shutdowns, reboots, and crashes
- Examine installed software, including distro installers, package formats, and package management systems from Debian, Fedora, SUSE, Arch, and other distros
- Perform analysis of time and Locale settings, internationalization including language and keyboard settings, and geolocation on a Linux system
- Reconstruct user login sessions (shell, X11 and Wayland), desktops (Gnome, KDE, and others) and analyze keyrings, wallets, trash cans, clipboards, thumbnails, recent files and other desktop artifacts
- Analyze network configuration, including interfaces, addresses, network managers, DNS, wireless artifacts (Wi-Fi, Bluetooth, WWAN), VPNs (including WireGuard), firewalls, and proxy settings
- Identify traces of attached peripheral devices (PCI, USB, Thunderbolt, Bluetooth) including external storage, cameras, and mobiles, and reconstruct printing and scanning activity
About the Author
Bruce Nikkel is a professor at the Bern University of Applied Sciences in Switzerland, specializing in digital forensics and cybercrime. He is co-head of the university’s research institute for cybersecurity and engineering, and director of the Masters program in Digital Forensics and Cyber Investigation. In addition to his academic work, he has worked in risk and security departments at a global financial institution since 1997. He headed the bank's Cybercrime Intelligence & Forensic Investigation team for more than 15 years and currently works as an advisor. Bruce holds a PhD in network forensics, is the author of Practical Forensic Imaging (No Starch Press, 2016), and is an editor with Forensic Science International’s Digital Investigation journal. He has been a Unix and Linux enthusiast since the 1990s.
Practical Linux Forensics: A Guide for Digital Investigators
750 ₴
Персонально для вас
261737
650 ₴
263353
1'400 ₴
259116
1'700 ₴
259133
1'700 ₴
263517
1'700 ₴
Відгуки про Practical Linux Forensics: A Guide for Digital Investigators