or
Sign in to turn on 1-Click ordering.
Trade in Yours
For a £0.70 Gift Card
Trade in
More Buying Choices
Have one to sell? Sell yours here
Sorry, this item is not available in
Image not available for
Colour:
Image not available

 
Tell the Publisher!
I’d like to read this book on Kindle

Don't have a Kindle? Get your Kindle here, or download a FREE Kindle Reading App.

Forensic Discovery [Hardcover]

Dan Farmer , Wietse Venema
5.0 out of 5 stars  See all reviews (2 customer reviews)
RRP: £33.99
Price: £24.60 & FREE Delivery in the UK. Details
You Save: £9.39 (28%)
o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o
Usually dispatched within 1 to 3 weeks.
Dispatched from and sold by Amazon. Gift-wrap available.

Formats

Amazon Price New from Used from
Hardcover £24.60  
Paperback --  
Trade In this Item for up to £0.70
Trade in Forensic Discovery for an Amazon Gift Card of up to £0.70, which you can then spend on millions of items across the site. Trade-in values may vary (terms apply). Learn more

Book Description

30 Dec 2004 020163497X 978-0201634976 1

"Don't look now, but your fingerprints are all over the cover of this book. Simply picking it up off the shelf to read the cover has left a trail of evidence that you were here.

    "If you think book covers are bad, computers are worse. Every time you use a computer, you leave elephant-sized tracks all over it. As Dan and Wietse show, even people trying to be sneaky leave evidence all over, sometimes in surprising places.

    "This book is about computer archeology. It's about finding out what might have been based on what is left behind. So pick up a tool and dig in. There's plenty to learn from these masters of computer security."
   --Gary McGraw, Ph.D., CTO, Cigital, coauthor of Exploiting Software and Building Secure Software

"A wonderful book. Beyond its obvious uses, it also teaches a great deal about operating system internals."
   --Steve Bellovin, coauthor of Firewalls and Internet Security, Second Edition, and Columbia University professor

"A must-have reference book for anyone doing computer forensics. Dan and Wietse have done an excellent job of taking the guesswork out of a difficult topic."
   --Brad Powell, chief security architect, Sun Microsystems, Inc.

"Farmer and Venema provide the essential guide to 'fossil' data. Not only do they clearly describe what you can find during a forensic investigation, they also provide research found nowhere else about how long data remains on disk and in memory. If you ever expect to look at an exploited system, I highly recommend reading this book."
   --Rik Farrow, Consultant, author of Internet Security for Home and Office

"Farmer and Venema do for digital archaeology what Indiana Jones did for historical archaeology. Forensic Discovery unearths hidden treasures in enlightening and entertaining ways, showing how a time-centric approach to computer forensics reveals even the cleverest intruder."
   --Richard Bejtlich, technical director, ManTech CFIA, and author of The Tao of Network Security Monitoring

"Farmer and Venema are 'hackers' of the old school: They delight in understanding computers at every level and finding new ways to apply existing information and tools to the solution of complex problems."
   --Muffy Barkocy, Senior Web Developer, Shopping.com

"This book presents digital forensics from a unique perspective because it examines the systems that create digital evidence in addition to the techniques used to find it. I would recommend this book to anyone interested in learning more about digital evidence from UNIX systems."
   --Brian Carrier, digital forensics researcher, and author of File System Forensic Analysis

The Definitive Guide to Computer Forensics: Theory and Hands-On Practice

Computer forensics--the art and science of gathering and analyzing digital evidence, reconstructing data and attacks, and tracking perpetrators--is becoming ever more important as IT and law enforcement professionals face an epidemic in computer crime. In Forensic Discovery, two internationally recognized experts present a thorough and realistic guide to the subject.

Dan Farmer and Wietse Venema cover both theory and hands-on practice, introducing a powerful approach that can often recover evidence considered lost forever.

The authors draw on their extensive firsthand experience to cover everything from file systems, to memory and kernel hacks, to malware. They expose a wide variety of computer forensics myths that often stand in the way of success. Readers will find extensive examples from Solaris, FreeBSD, Linux, and Microsoft Windows, as well as practical guidance for writing one's own forensic tools. The authors are singularly well-qualified to write this book: They personally created some of the most popular security tools ever written, from the legendary SATAN network scanner to the powerful Coroner's Toolkit for analyzing UNIX break-ins.

After reading this book you will be able to

  • Understand essential forensics concepts: volatility, layering, and trust
  • Gather the maximum amount of reliable evidence from a running system
  • Recover partially destroyed information--and make sense of it
  • Timeline your system: understand what really happened when
  • Uncover secret changes to everything from system utilities to kernel modules
  • Avoid cover-ups and evidence traps set by intruders
  • Identify the digital footprints associated with suspicious activity
  • Understand file systems from a forensic analyst's point of view
  • Analyze malware--without giving it a chance to escape
  • Capture and examine the contents of main memory on running systems
  • Walk through the unraveling of an intrusion, one step at a time

The book's companion Web site contains complete source and binary code for open source software discussed in the book, plus additional computer forensics case studies and resource links.





Product details

  • Hardcover: 240 pages
  • Publisher: Addison Wesley; 1 edition (30 Dec 2004)
  • Language: English
  • ISBN-10: 020163497X
  • ISBN-13: 978-0201634976
  • Product Dimensions: 18.3 x 2 x 24.3 cm
  • Average Customer Review: 5.0 out of 5 stars  See all reviews (2 customer reviews)
  • Amazon Bestsellers Rank: 963,985 in Books (See Top 100 in Books)
  • See Complete Table of Contents

More About the Author

Discover books, learn about writers, and more.

Product Description

From the Back Cover

"Don't look now, but your fingerprints are all over the cover of this book. Simply picking it up off the shelf to read the cover has left a trail of evidence that you were here.
"If you think book covers are bad, computers are worse. Every time you use a computer, you leave elephant-sized tracks all over it. As Dan and Wietse show, even people trying to be sneaky leave evidence all over, sometimes in surprising places.
"This book is about computer archeology. It's about finding out what might have been based on what is left behind. So pick up a tool and dig in. There's plenty to learn from these masters of computer security."
--Gary McGraw, Ph.D., CTO, Cigital, coauthor of Exploiting Software and Building Secure Software
"A wonderful book. Beyond its obvious uses, it also teaches a great deal about operating system internals."
--Steve Bellovin, coauthor of Firewalls and Internet Security, Second Edition, and Columbia University professor
"A must-have reference book for anyone doing computer forensics. Dan and Wietse have done an excellent job of taking the guesswork out of a difficult topic."
--Brad Powell, chief security architect, Sun Microsystems, Inc.
"Farmer and Venema provide the essential guide to 'fossil' data. Not only do they clearly describe what you can find during a forensic investigation, they also provide research found nowhere else about how long data remains on disk and in memory. If you ever expect to look at an exploited system, I highly recommend reading this book."
--Rik Farrow, Consultant, author of Internet Security for Home and Office
"Farmer and Venema do for digital archaeology what Indiana Jones did for historical archaeology. Forensic Discovery unearths hidden treasures in enlightening and entertaining ways, showing how a time-centric approach to computer forensics reveals even the cleverest intruder."
--Richard Bejtlich, technical director, ManTech CFIA, and author of The Tao of Network Security Monitoring
"Farmer and Venema are 'hackers' of the old school- They delight in understanding computers at every level and finding new ways to apply existing information and tools to the solution of complex problems."
--Muffy Barkocy, Senior Web Developer, Shopping.com
"This book presents digital forensics from a unique perspective because it examines the systems that create digital evidence in addition to the techniques used to find it. I would recommend this book to anyone interested in learning more about digital evidence from UNIX systems."
--Brian Carrier, digital forensics researcher, and author of File System Forensic AnalysisThe Definitive Guide to Computer Forensics- Theory and Hands-On Practice
Computer forensics--the art and science of gathering and analyzing digital evidence, reconstructing data and attacks, and tracking perpetrators--is becoming ever more important as IT and law enforcement professionals face an epidemic in computer crime. In Forensic Discovery, two internationally recognized experts present a thorough and realistic guide to the subject.
Dan Farmer and Wietse Venema cover both theory and hands-on practice, introducing a powerful approach that can often recover evidence considered lost forever.
The authors draw on their extensive firsthand experience to cover everything from file systems, to memory and kernel hacks, to malware. They expose a wide variety of computer forensics myths that often stand in the way of success. Readers will find extensive examples from Solaris, FreeBSD, Linux, and Microsoft Windows, as well as practical guidance for writing one's own forensic tools. The authors are singularly well-qualified to write this book- They personally created some of the most popular security tools ever written, from the legendary SATAN network scanner to the powerful Coroner's Toolkit for analyzing UNIX break-ins.
After reading this book you will be able to
Understand essential forensics concepts- volatility, layering, and trust
Gather the maximum amount of reliable evidence from a running system
Recover partially destroyed information--and make sense of it
Timeline your system- understand what really happened when
Uncover secret changes to everything from system utilities to kernel modules
Avoid cover-ups and evidence traps set by intruders
Identify the digital footprints associated with suspicious activity
Understand file systems from a forensic analyst's point of view
Analyze malware--without giving it a chance to escape
Capture and examine the contents of main memory on running systems
Walk through the unraveling of an intrusion, one step at a time
The book's companion Web site contains complete source and binary code for open source software discussed in the book, plus additional computer forensics case studies and resource links.

About the Author

Dan Farmer is author of a variety of security programs and papers. He is currently chief technical officer of Elemental Security, a computer security software company. Together he and Wietse Venema, have written many of the world's leading information security and forensics packages, including the SATAN network security scanner and the Coroner's Toolkit.

Wietse Venema has written some of the world's most widely used software, including TCP Wrapper and the Postfix mail system. He is currently a research staff member at IBM Research. Together, he and Dan Farmer have written many of the world's leading information security and forensics packages, including the SATAN network security scanner and the Coroner's Toolkit.




Sell a Digital Version of This Book in the Kindle Store

If you are a publisher or author and hold the digital rights to a book, you can sell a digital version of it in our Kindle Store. Learn more

Customer Reviews

4 star
0
3 star
0
2 star
0
1 star
0
5.0 out of 5 stars
5.0 out of 5 stars
Most Helpful Customer Reviews
8 of 8 people found the following review helpful
5.0 out of 5 stars I love this technical UNIX book about forensics 25 April 2006
Format:Hardcover
This review is biased since I have used the excellent software

and security publications provided by Dan Farmer and Wietse Venema going back to the early years of the 90's. The days of the articles "Improving the Security of Your Site by Breaking Into it" and SATAN.

It was thus natural to buy this book and I bought it on March 5th at Linuxforum 2005 conference and finished reading it around March 12th.

While this might not seem like a big feat since the book is only just over 200 pages it really was a pleasure to read it.

The wording is very carefull and the information is densely packed into the pages accompanied with some clear figures illustrating the points explained in the text.

What is the book about?

This book is about Computer Forensic and UNIX. The focus is on basic techniques and terminology introducing the important concept of volatility while describing processes, file systems and listing important results from extensive experiments on real data.

The information is presented with the authority of these gurus and there is no reason to distrust the results presented because they support other articles saying the same - but goes even further.

An important point in this book is that they focus on discovering the facts found on systems - even though that might impede further legal actions. The results is that they present evidence of the deepest burried kind of information you can get from the data.

Much of this book details the inner workings of UNIX and if you have enjoyed reading an operating systems book describing the layout of processes and structures you will surely love this book for presenting it in such a short and precise manner.
Read more ›
Comment | 
Was this review helpful to you?
1 of 1 people found the following review helpful
By Kaaylos
Format:Hardcover|Verified Purchase
I really enjoyed this book. It delievered on what it promised with an excellent technical introduction to the subject. I will never look at a UNIX prompt in quite the same way again!
Comment | 
Was this review helpful to you?
Most Helpful Customer Reviews on Amazon.com (beta)
Amazon.com: 4.7 out of 5 stars  16 reviews
22 of 23 people found the following review helpful
4.0 out of 5 stars Brief but intense 24 Jan 2005
By Jack D. Herrington - Published on Amazon.com
Format:Hardcover
They say it's good to leave your audience wanting more, but I'm not sure how correct that is with tech books. In this case I am definitely wanting more. About a third of the book is on basic operating system introductory material. The rest of the book starts to get in-depth on file system analysis, hacker trapping, and some basic data analysis. But then it ends. And I wanted more.

Definitely a good start at file system analysis, specifically on Unix machines. But you will definitely be left wanting more of the same.
12 of 12 people found the following review helpful
5.0 out of 5 stars Great Information from Two Network Security Legends 11 April 2005
By sixmonkeyjungle - Published on Amazon.com
Format:Hardcover
I have learned a lot from other computer forensics books such as Harlan Carvey's Windows Forensics and Incident Recovery or Kevin Mandia and Chris Prosise's Incident Response and Computer Forensics - 2nd Edition, but this one has a slightly different approach and conveys a lot of good, detailed information in a relatively concise book.

The book is aimed at readers who wish to gain a deeper understanding of how computer systems work, particularly system administrators or those who may actually be tasked with performing a forensic investigation. The book does assume some level of computer knowledge such as the basic concepts of networking, system processes or file systems and is not intended for pure novices.

Farmer and Venema focus a fair amount of attention on the concept of time and how to use it in a forensic investigation. They also highlight a sort of order of operations for how to proceed to try and ensure you retrieve volatile data before it disappears.

Computer forensics is an area of network and computer security that I am particularly interested in. This is an excellent book which I highly recommend. It is well-written and very educational, but it is also a fairly quick read.

[...]
13 of 13 people found the following review helpful
5.0 out of 5 stars Small on size, but big on detail 11 Mar 2005
By Kevin J. Schmidt - Published on Amazon.com
Format:Hardcover
This book is small, but it is packed with information. The book is easy to read. I learned a thing or two myself about UNIX filesystems regarding forensics. Every serious security practioner should read this book.
11 of 11 people found the following review helpful
5.0 out of 5 stars Superb forensics book on evidence discovery 20 April 2005
By Dr Anton Chuvakin - Published on Amazon.com
Format:Hardcover
I enjoyed the book ("Forensic Discovery") since it came when I was preparing for my SANS forensics certification (GCFA). Obviously, the "household" names on the cover caught my attention as well. I used TCT and other tools created by the authors and thus my expectations for the book were pretty high. It did deliver! I picked up a whole lot of tidbits on file system forensics as well as malware and compromised system investigation. Unlike some other volumes, this book does not seek to be comprehensive; instead, it focuses on the fun things and focuses on them well.

In particular, I liked authors' ideas and tips on the OOV (order of volatility) of evidence. While not new, they are extremely well-presented in the book. Other highly useful sections were the ones on time stamps and their analysis and file deletion analysis (with thorough persistence of deleted file analysis). I did not like the sections on malware analysis that much, likely because some other book go way more in-depth then this one (like, for example recent Szor's book on viruses).

The book mostly covers Unix, Windows is also mentioned a couple of times.

Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA is a Security Strategist with a major security company. He is an author of the book "Security Warrior" and a contributor to "Know Your Enemy II". In his spare time, he maintains his security portal info-secure.org
14 of 17 people found the following review helpful
5.0 out of 5 stars A focused look at digital forensics by two pioneers 31 Jan 2005
By Richard Bejtlich - Published on Amazon.com
Format:Hardcover
Farmer and Venema do for digital archaeology what Indiana Jones did for historical archaeology. 'Forensic Discovery' unearths hidden treasures in enlightening and entertaining ways, showing how a time-centric approach to computer forensics reveals even the cleverest intruder. I highly recommend reading this book.

I appreciate books that don't rehash previously published material. Plenty of authors have written books with the word 'forensics' in the title, and many impart little or no useful or original information. (Exceptions include this book, along with Mandia and Prosise's 'Incident Response and Computer Forensics, 2nd Ed' and Jones' 'Real Digital Forensics,' forthcoming.) While 'Forensic Discovery' discusses concepts familiar to kernel developers or others with low-level operating system knowledge, the book is useful because it places such details in the concept of a security investigation.

'Forensic Discovery' is exactly the sort of forensic book I enjoy, because it is primarily concerned with intrusions. Broadly speaking, there are two types of 'forensic investigators:' those that know how to image a hard drive and search for pornography, and those that know how to respond to and investigate an intrusion. Farmer and Venema are clearly in the second category, and their examples focus on intrusion scenarios rather than workplace misuse of the Internet. Their statement regarding the conservative approach advocated by the US DoJ on p. 195 makes their stance clear.

Chapters 6 and 8 were two of my favorites. Ch 6 discusses virtual machines, system call and library monitoring, and debugging. The authors also show the relationship between disassembled code and decompiled C source code. Ch 8 offers a solid introduction to virtual memory managers. Throughout the book Farmer and Venema give command equivalents for Linux, FreeBSD, and Solaris. Windows makes infrequent appearances,, although ch 8 presents a Windows memory dump case.

'Forensic Discovery' is unique in that many of the author's conclusions are based on their own experiments. They seek to gauge file system and memory persistence using real-world systems, rather than unsubstantiated theories. 'Forensic Discovery' complements books on analyzing malware and victim systems, such as those by Skoudis, Carrier, Hoglund, and Jones. At 198 pages it is a quick read, but definitely worth your time and money.
Were these reviews helpful?   Let us know
Search Customer Reviews
Only search this product's reviews

Customer Discussions

This product's forum
Discussion Replies Latest Post
No discussions yet

Ask questions, Share opinions, Gain insight
Start a new discussion
Topic:
First post:
Prompts for sign-in
 

Search Customer Discussions
Search all Amazon discussions
   


Look for similar items by category


Feedback