

UNIX and Linux Forensic Analysis DVD Toolkit

  • ISBN13: 9781597492690
  • ISBN10: 1597492698

  • Edition: DVD
  • Format: Paperback
  • Copyright: 2008-06-16
  • Publisher: Elsevier Science Ltd
List Price: $64.95

Summary

This book addresses topics in the area of forensic analysis of systems running on variants of the UNIX operating system, which is the choice of hackers for their attack platforms. According to a 2007 IDC report, UNIX servers account for the second-largest segment of spending (behind Windows) in the worldwide server market with $4.2 billion in 2Q07, representing 31.7% of corporate server spending. UNIX systems have not been analyzed to any significant depth largely due to a lack of understanding on the part of the investigator, an understanding and knowledge base that has been achieved by the attacker. The companion DVD provides a simulated or "live" UNIX environment where readers can test the skills they've learned in the book and use custom tools developed by the authors.

The book begins with a chapter that describes why and how the book was written, and for whom, and then immediately addresses live response (volatile) data collection and analysis. It continues with collecting and analyzing the contents of physical memory (i.e., RAM). The following chapters address /proc analysis, revealing the wealth of significant evidence it holds, and the analysis of files created by or on UNIX systems. The book then turns to the underground world of UNIX hacking and reveals methods and techniques used by hackers, malware coders, and anti-forensic developers, and shows the investigator how to analyze these files and extract the information needed to perform a comprehensive forensic analysis. The final chapter includes a detailed discussion of Loadable Kernel Modules and malware. Throughout the book the author provides a wealth of unique information, including tools, techniques and information that won't be found anywhere else.

Not only are the tools provided, but the author also provides sample files so that after completing a detailed walk-through, the reader can immediately practice the new-found skills.

  • The companion DVD for the book contains significant, unique materials (movies, spreadsheet, code, etc.) not available any place else.
  • This book contains information about UNIX forensic analysis that is not available anywhere else. Much of the information is a result of the author's own unique research and work.
  • The authors have the combined experience of Law Enforcement, Military, and Corporate forensics. This unique perspective makes this book attractive to ALL forensic investigators.

Table of Contents

Introduction, p. 1
History, p. 2
Target Audience, p. 3
What is Covered, p. 3
What is Not Covered, p. 6
Understanding Unix, p. 9
Introduction, p. 10
Unix, UNIX, Linux, and *nix, p. 10
Linux Distributions, p. 12
Get a Linux!, p. 12
Booting Ubuntu Linux from the LiveCD, p. 15
The Shell, p. 18
All Hail the Shell, p. 20
Essential Commands, p. 20
Highlights of The Linux Security Model, p. 25
The *nix File system Structure, p. 29
Mount points: What the Heck are They?, p. 31
File Systems, p. 34
Ext2/Ext3, p. 35
Summary, p. 37
Live Response: Data Collection, p. 39
Introduction, p. 40
Prepare the Target Media, p. 41
Mount the Drive, p. 41
Format the Drive, p. 42
Format the Disk with the ext File System, p. 42
Gather Volatile Information, p. 43
Prepare a Case Logbook, p. 43
Acquiring the Image, p. 55
Preparation and Planning, p. 55
DD, p. 56
Bootable *nix ISOs, p. 60
Helix, p. 60
Knoppix, p. 61
BackTrack 2, p. 62
Insert, p. 63
EnCase LinEn, p. 63
FTK Imager, p. 65
ProDiscover, p. 68
Summary, p. 70
Initial Triage and Live Response: Data Analysis, p. 71
Introduction, p. 72
Initial Triage, p. 72
Log Analysis, p. 74
zgrep, p. 76
Tail, p. 76
More, p. 76
Less, p. 77
Keyword Searches, p. 77
strings /proc/kcore -t d > /tmp/kcore_outfile, p. 78
File and Directory Names, p. 79
IP Addresses and Domain Names, p. 80
Tool Keywords, p. 80
Tricks of the Trade, p. 82
User Activity, p. 86
Shell History, p. 86
Logged on Users, p. 87
Network Connections, p. 89
Running Processes, p. 92
Open File Handlers, p. 95
Summary, p. 98
The Hacking Top 10, p. 99
Introduction, p. 100
The Hacking Top Ten, p. 104
Netcat, p. 105
Reconnaissance Tools, p. 106
Nmap, p. 106
Nessus, p. 110
Try it Out, p. 111
Configuring Nessus, p. 111
Plug-ins, p. 113
Ports, p. 114
Target, p. 114
Nikto, p. 116
Wireshark, p. 118
Canvas/Core Impact, p. 120
The Metasploit Framework, p. 121
Paros, p. 134
hping2 - Active Network Smashing Tool, p. 138
Ettercap, p. 144
Summary, p. 152
The /Proc File System, p. 153
Introduction, p. 154
cmdline, p. 155
cpuinfo, p. 155
diskstats, p. 156
driver/rtc, p. 156
filesystems, p. 156
kallsyms (ksyms), p. 157
kcore, p. 157
modules, p. 158
mounts, p. 158
partitions, p. 159
sys/, p. 159
uptime, p. 159
version, p. 159
Process IDs, p. 159
cmdline, p. 160
cwd, p. 161
environ, p. 161
exe, p. 161
fd, p. 161
loginuid, p. 162
Putting It All Together, p. 162
sysfs, p. 166
modules, p. 166
block, p. 166
File Analysis, p. 169
The Linux Boot Process, p. 170
init and runlevels, p. 171
System and Security Configuration Files, p. 173
Users, Groups, and Privileges, p. 173
Cron Jobs, p. 176
Log Files, p. 176
Who, p. 177
Where and What, p. 177
Identifying Other Files of Interest, p. 178
SUID and SGID Root Files, p. 178
Recently Modified/Accessed/Created Files, p. 179
Modified System Files, p. 180
Out-of-Place inodes, p. 180
Hidden Files and Hiding Places, p. 181
Malware, p. 183
Introduction, p. 184
Viruses, p. 185
Storms on the Horizon, p. 188
Do it Yourself with Panda and Clam, p. 190
Download ClamAV, p. 190
Install ClamAV, p. 190
Updating Virus Database with Freshclam, p. 191
Scanning the Target Directory, p. 192
Download Panda Antivirus, p. 193
Install Panda Antivirus, p. 193
Scanning the Target Directory, p. 193
Web References, p. 194
Implementing Cybercrime Detection Techniques on Windows and *nix, p. 195
Introduction, p. 196
Security Auditing and Log Files, p. 197
Auditing for Windows Platforms, p. 199
Auditing for UNIX and Linux Platforms, p. 206
Firewall Logs, Reports, Alarms, and Alerts, p. 208
Commercial Intrusion Detection Systems, p. 211
Characterizing Intrusion Detection Systems, p. 212
Commercial IDS Players, p. 217
IP Spoofing and Other Antidetection Tactics, p. 218
Honeypots, Honeynets, and Other "Cyberstings", p. 220
Summary, p. 223
Frequently Asked Questions, p. 226
Index, p. 229
Table of Contents provided by Ingram. All Rights Reserved.
