Acerca de este artículo

Product Identifiers

PublisherNo Starch Press, Incorporated

ISBN-10171850196X

ISBN-139781718501966

eBay Product ID (ePID)19050399581

Product Key Features

Number of Pages400 Pages

LanguageEnglish

Publication NamePractical Linux Forensics : a Guide for Digital Investigators

SubjectOperating Systems / Linux, Sociology / General, Security / Cryptography

Publication Year2021

TypeTextbook

Subject AreaComputers, Social Science

AuthorBruce Nikkel

FormatTrade Paperback

Dimensions

Item Height1.1 in

Item Weight28 Oz

Item Length9.2 in

Item Width7.1 in

Additional Product Features

Intended AudienceTrade

LCCN2021-031364

Dewey Edition23

Reviews" Practical Linux Forensics is an excellent resource suitable for those new to Linux, as well as for experienced users. Whether you are an investigator, administrator, developer, or curious student, you will gain imperative knowledge that can easily be applied to your own field and endeavors." --Techtyte, Cybersecurity Researcher and Advanced Reviewer "Thorough . . . Even if this is your first foray into computer forensics, there is a lot to be gained from Nikkel's book." --Lee Teschler, Microcontroller Tips "After Practical Forensic Imaging , Bruce Nikkel has produced another fantastic learning resource and reference in Practical Linux Forensics . Made both for professionals more familiar with Windows or macOS forensics as well as adept Linux users looking to learn forensics, it does not need to be read linearly. Each chapter provides focused knowledge on different aspects of Linux systems in a distribution-agnostic manner. Definitely grab a copy to demystify this area of computer forensics." --Daniyal S., Advanced Reviewer "Bruce Nikkel shares some [insight on] really uncommon and least understood areas of the Linux network stack, which will be very valuable for practitioners . . . [ Practical Linux Forensics ] touches on areas ignored by other resources on the subject." --Arvind, Advanced Reviewer, " Practical Linux Forensics is an excellent resource suitable for those new to Linux, as well as for experienced users. Whether you are an investigator, administrator, developer, or curious student, you will gain imperative knowledge that can easily be applied to your own field and endeavors." --Techtyte, Cybersecurity Researcher and Advanced Reviewer

Dewey Decimal363.25968

Table Of ContentIntroduction Chapter 1: Digital Forensics Overview Chapter 2 : Linux Overview Chapter 3: Extracting Evidence from Storage Devices and Filesystems Chapter 4: Directory Layout and Forensic Analysis of Linux Files Chapter 5: Investigating Evidence from Linux Logs Chapter 6: Reconstructing System Boot and Initialization Chapter 7: Examination of Installed Software Packages Chapter 8: Identifying Network Configuration Artifacts Chapter 9: Forensic Analysis of Time and Location Chapter 10: Reconstructing User Desktops and Login Activity Chapter 11: Forensic Traces of Attached Peripheral Devices Afterword Appendix A: File and Directory List for Digital Investigators

SynopsisA resource to help forensic investigators locate, analyze, and understand digital evidence found on modern Linux systems after a crime, security incident or cyber attack. Practical Linux Forensics dives into the technical details of analyzing postmortem forensic images of Linux systems which have been misused, abused, or the target of malicious attacks. It helps forensic investigators locate and analyze digital evidence found on Linux desktops, servers, and IoT devices. Throughout the book, you learn how to identify digital artifacts which may be of interest to an investigation, draw logical conclusions, and reconstruct past activity from incidents. You'll learn how Linux works from a digital forensics and investigation perspective, and how to interpret evidence from Linux environments. The techniques shown are intended to be independent of the forensic analysis platforms and tools used. Learn how to: - Extract evidence from storage devices and analyze partition tables, volume managers, popular Linux filesystems (Ext4, Btrfs, and Xfs), and encryption - Investigate evidence from Linux logs, including traditional syslog, the systemd journal, kernel and audit logs, and logs from daemons and applications - Reconstruct the Linux startup process, from boot loaders (UEFI and Grub) and kernel initialization, to systemd unit files and targets leading up to a graphical login - Perform analysis of power, temperature, and the physical environment of a Linux machine, and find evidence of sleep, hibernation, shutdowns, reboots, and crashes - Examine installed software, including distro installers, package formats, and package management systems from Debian, Fedora, SUSE, Arch, and other distros - Perform analysis of time and Locale settings, internationalization including language and keyboard settings, and geolocation on a Linux system - Reconstruct user login sessions (shell, X11 and Wayland), desktops (Gnome, KDE, and others) and analyze keyrings, wallets, trash cans, clipboards, thumbnails, recent files and other desktop artifacts - Analyze network configuration, including interfaces, addresses, network managers, DNS, wireless artifacts (Wi-Fi, Bluetooth, WWAN), VPNs (including WireGuard), firewalls, and proxy settings - Identify traces of attached peripheral devices (PCI, USB, Thunderbolt, Bluetooth) including external storage, cameras, and mobiles, and reconstruct printing and scanning activity, A resource to help forensic investigators locate, analyze, and understand digital evidence found on modern Linux systems after a crime, security incident or cyber attack. Practical Linux Forensics dives into the technical details of analyzing postmortem forensic images of Linux systems which have been misused, abused, or the target of malicious attacks. It helps forensic investigators locate and analyze digital evidence found on Linux desktops, servers, and IoT devices. Throughout the book, you learn how to identify digital artifacts which may be of interest to an investigation, draw logical conclusions, and reconstruct past activity from incidents. You'll learn how Linux works from a digital forensics and investigation perspective, and how to interpret evidence from Linux environments. The techniques shown are intended to be independent of the forensic analysis platforms and tools used. Learn how to- Extract evidence from storage devices and analyze partition tables, volume managers, popular Linux filesystems (Ext4, Btrfs, and Xfs), and encryption Investigate evidence from Linux logs, including traditional syslog, the systemd journal, kernel and audit logs, and logs from daemons and applications Reconstruct the Linux startup process, from boot loaders (UEFI and Grub) and kernel initialization, to systemd unit files and targets leading up to a graphical login Perform analysis of power, temperature, and the physical environment of a Linux machine, and find evidence of sleep, hibernation, shutdowns, reboots, and crashes Examine installed software, including distro installers, package formats, and package management systems from Debian, Fedora, SUSE, Arch, and other distros Perform analysis of time and Locale settings, internationalization including language and keyboard settings, and geolocation on a Linux system Reconstruct user login sessions (shell, X11 and Wayland), desktops (Gnome, KDE, and others) and analyze keyrings, wallets, trash cans, clipboards, thumbnails, recent files and other desktop artifacts Analyze network configuration, including interfaces, addresses, network managers, DNS, wireless artifacts (Wi-Fi, Bluetooth, WWAN), VPNs (including WireGuard), firewalls, and proxy settings Identify traces of attached peripheral devices (PCI, USB, Thunderbolt, Bluetooth) including external storage, cameras, and mobiles, and reconstruct printing and scanning activity, Practical Linux Forensics dives into the details of analyzing postmortem images of Linux systems that were misused, abused, or attacked. You'll learn how to locate and interpret digital evidence on Linux desktops, servers, and IoT devices, and reconstruct a timeline of events after a crime or security incident. Following an overview of the Linux operating system, you'll learn how to analyze storage, filesystems, and installed software, as well as package management systems from a range of distributions. You'll investigate syslog, the systemd journal, kernel and audit logs, and daemon and application logs. In addition, you'll inspect network configurations including interfaces, addresses, network managers, DNS, wireless artifacts, VPNs, firewalls, and proxy settings. You'll also learn how to: Examine settings for time, locale, language, and keyboard, as well as timelines and geolocation, Reconstruct the Linux startup process, from system boot and kernel initialization to the login screen, Analyze partition tables, volume management, filesystems, directory layout, installed software, and network configuration, Perform historical analysis of power, temperature, and physical environment, as well as shutdowns, reboots, and crashes, Investigate user login sessions and identify traces of attached peripherals including disks, printers, and other external devices, This comprehensive guide is platform- and tool-agnostic and written for investigators with varying Linux skill levels. Begin your digital forensics journey here. Book jacket.

LC Classification NumberHV8079.C65N56 2022