Join Books.org — it's free
Home > Books > Forensic Discovery

Computer Security, Database Administration & Management, Law Enforcement - Sciences, Investigations & Procedures
Forensic Discovery by Dan Farmer, Wietse Venema — book cover

Forensic Discovery

by Dan Farmer, Wietse Venema
Write a review
Log in to track your reading progress.

Overview

Computer forensics, the art and science of gathering and analyzing digital evidence, reconstructing data and attacks, and tracking perpetrators, is becoming ever more important as IT and law enforcement professionals face an epidemic in computer crime. In Forensic Discovery, two internationally recognized experts present the most thorough and realistic guide to the subject ever published. Dan Farmer and Wietse Venema cover both theory and hands-on practice, introducing a powerful approach that can often recover evidence considered lost forever.

The authors draw on their extensive firsthand experience to cover everything from file systems to memory, kernel hacks to malware. Along they way, they expose a wide variety of computer forensics myths that stand in the way of success. You'll find extensive examples from Solaris, FreeBSD, Linux, and Microsoft Windows, as well as practical guidance for using many of today's most powerful forensic tools. The authors are singularly well-qualified to write this book: They personally created many of those tools--from the legendary SATAN network scanner to the powerful Coroner's Toolkit for analyzing UNIX break-ins.

After reading this book you will be able to

  • Understand essential forensics concepts: volatility, layering, and trust
  • Gather the maximum amount of reliable evidence from a running system
  • Recover partially destroyed information--and make sense of it
  • Timeline your system: understand what really happened when
  • Uncover secret changes to everything from system utilities to kernel modules
  • Avoid cover-ups and evidence traps set by intruders
  • Identify the digital footprints associated with suspicious activity
  • Understand file systems from a forensic analyst's point of view
  • Analyze malware--and prevent it from escaping
  • Capture and examine the contents of main memory on running systems
  • Walk through unraveling an intrusion, one step at a time
  • Use your evidence to apprehend intruders--and make sure it stands up in court

This book's companion Web site contains complete source and binary code for open source software discussed in the book, plus additional computer forensics case studies and resource links.

About the Author, Dan Farmer, Wietse Venema

Dan Farmer is author of a variety of security programs and papers. He is currently chief technical officer of Elemental Security, a computer security software company. Together he and Wietse Venema, have written many of the world's leading information security and forensics packages, including the SATAN network security scanner and the Coroner's Toolkit.

Wietse Venema has written some of the world's most widely used software, including TCP Wrapper and the Postfix mail system. He is currently a research staff member at IBM Research. Together, he and Dan Farmer have written many of the world's leading information security and forensics packages, including the SATAN network security scanner and the Coroner's Toolkit.

Reviews

There are no reviews yet. Log in to write one.

Editorials

From Barnes & Noble

The Barnes & Noble Review
Think of it as CSI: Unix, Linux, and Windows. The creators of the legendary SATAN and Coroner’s Toolkit security packages have written the definitive guide to forensics problem solving, analysis, and discovery.

Forensic data can be found everywhere you look -- if you know how. So Dan Farmer and Wietse Venema systematically explain how information and traces of past events persist, and how to recover and assess them.

You’ll learn how computer architecture impacts your analysis; then master the crucial concept of timelining: drawing on host- and network-based information to understand what happened when. (The authors present a case study intrusion that lasted a full year.)

Farmer and Venema systematically demonstrate how to examine file systems and evaluate the trustworthiness of the data you capture. You’ll learn how to identify subversions of user processes and operating systems -- from simple changes to malicious kernel modules. There’s a chapter on uncovering the hidden purpose of malware. You’ll even learn how to discover clues in RAM (for example, decrypted contents of encrypted files).

This book is about the spirit and thinking involved in successful forensic analysis. It’s not a “cookbook.” But there are more than enough specific techniques and tools coverage to make you effective in real-world investigations. There are plenty of examples, too: from Solaris, FreeBSD, Linux, occasionally Windows. Strikingly, however, the underlying principles remain constant regardless of environment. And whether you’re a sysadmin or law enforcement professional, you need to know them. Bill Camarda, from the February 2005 Read Only

Book Details

Published
June 18, 2026
Publisher
Addison-Wesley
Pages
217
Format
Hardcover
ISBN
9780201634976

Similar books

Computer And Intrusion Forensics
Computer And Intrusion Forensics
Privacy Protection and Computer Forensics(Artech House Computer Security Series)
Privacy Protection and Computer Forensics(Artech House Computer Security Series)
iPhone Forensics: Recovering Evidence, Personal Data, and Corporate Assets
iPhone Forensics: Recovering Evidence, Personal Data, and Corporate Assets
Windows Forensic Analysis DVD Toolkit
Windows Forensic Analysis DVD Toolkit
Internet Forensics
Internet Forensics
Computer Forensics and Cyber Crime: An Introduction
Computer Forensics and Cyber Crime: An Introduction
Real Digital Forensics: Computer Security and Incident Response
Real Digital Forensics: Computer Security and Incident Response
Computer Forensics: Incident Response Essentials
Computer Forensics: Incident Response Essentials
Cyber Forensics: A Field Manual for Collecting,Examining,and Preserving Evidence of Computer Crimes
Cyber Forensics: A Field Manual for Collecting,Examining,and Preserving Evidence of Computer Crimes
Guide to Computer Forensics and Investigations
Guide to Computer Forensics and Investigations