Linux Forensics+code


Title: Linux Forensics

Author: Dr. Philip Polstra

Publisher: Pentester Academy

Year: 2015

Pages: 370

Language: English

Format: pdf+code

Size: 6.8 MB

Linux Forensics is the most comprehensive and up-to-date resource for those wishing to quickly and efficiently perform forensics on Linux systems. It is also a great asset for anyone who would like to better understand Linux internals.

Linux Forensics will guide you step by step through the process of investigating a computer running Linux. Everything you need to know from the moment you receive the call from someone who thinks they have been attacked until the final report is written is covered in this book. All of the tools discussed in this book are free and most are also open source.

Dr. Philip Polstra shows how to leverage numerous tools such as Python, shell scripting, and MySQL to quickly, easily, and accurately analyze Linux systems. While readers will have a strong grasp of Python and shell scripting by the time they complete this book, no prior knowledge of either of these scripting languages is assumed. Linux Forensics begins by showing you how to determine if there was an incident with minimally invasive techniques. Once it appears likely that an incident has occurred, Dr. Polstra shows you how to collect data from a live system before shutting it down for the creation of filesystem images.

Linux Forensics contains extensive coverage of the Linux ext2, ext3, and ext4 filesystems. A large collection of Python and shell scripts for creating, mounting, and analyzing filesystem images is presented in this book. Dr. Polstra introduces readers to the exciting new field of memory analysis using the Volatility framework. Discussions of advanced attacks and malware analysis round out the book.

Book Highlights

370 pages in large, easy-to-read 8.5 x 11 inch format

Over 9000 lines of Python scripts with explanations

Over 800 lines of shell scripts with explanations

A 102 page chapter containing up-to-date information on the ext4 filesystem

Two scenarios described in detail with images available from the book website

All scripts and other support files are available from the book website

Chapter Contents

First Steps
    General Principles
    Phases of Investigation
    High-level Process
    Building a Toolkit

Determining If There Was an Incident
    Opening a Case
    Talking to Users
    Documentation
    Mounting Known-good Binaries
    Minimizing Disturbance to the Subject
    Automation With Scripting

Live Analysis
    Getting Metadata
    Using Spreadsheets
    Getting Command Histories
    Getting Logs
    Using Hashes
    Dumping RAM

Creating Images
    Shutting Down the System
    Image Formats
    DD
    DCFLDD
    Write Blocking
    Imaging Virtual Machines
    Imaging Physical Drives

Mounting Images
    Master Boot Record Based Partitions
    GUID Partition Tables
    Mounting Partitions In Linux
    Automating With Python

Analyzing Mounted Images
    Getting Timestamps
    Using LibreOffice
    Using MySQL
    Creating Timelines

Extended Filesystems
    Basics
    Superblocks
    Features
    Using Python
    Finding Things That Are Out Of Place
    Inodes
    Journaling

Memory Analysis
    Volatility
    Creating Profiles
    Linux Commands

Dealing With More Advanced Attackers

Malware
    Is It Malware?
    Malware Analysis Tools
    Static Analysis
    Dynamic Analysis
    Obfuscation

The Road Ahead
    Learning More
    Communities
    Conferences
    Certifications
