Forensic Discovery (Addison-Wesley Professional Computing Series)

View larger picture

List price: $44.99 Amazon price: $35.99 You save: $9 (20%) Prices subject to change. Used price: $15.99 Availability: Buy Now at Amazon

Product Details

Author: Dan Farmer
Binding: Hardcover
EAN: 9780201634976
Label: Addison-Wesley Professional
Dimension: 0.87 x 9.21 x 7.09 inches
ISBN: 020163497X
Manufacturer: Addison-Wesley Professional
Publisher: Addison-Wesley Professional
Number of items: 1
Number of pages: 240
Publication date: January 09, 2005
Studio: Addison-Wesley Professional

---

Ratings & Comments (Average:)

---

- A Neophyte's Perspective
While I'm not a computer security specialist, by any means, nor do I even
have a lot of in depth knowledge regarding computers in general, I was
surprised at how much I did understand, and also at the fact that I did learn quite a bit. The authors' intended audience obviously was not a neophyte such as myself, but even a beginner can find many aspects of computer security interesting and eye opening. Stopping often to look up
words and ideas that appeared Martian,(to this super-neophyte,) I laud the authors' clear and succinct writing style.

---

- Nice look at Unix forensics!
I must admit that some parts of this book are "over my head". However, this book packs quite a punch with much insight into forensics and explanations that are detailed and accompanied by MANY practical examples. The authors do a fine job of making this book interesting and they actually keep it rather short (believe me, most books on the subject are). One possible flaw is that I'd probably prefer for it to have a bit more theory and a bit less practical examples.

---

- Forensic Discovery is a great resource
I read forensic discovery last week on the plane home from San Francisco. After a few chapters I was hooked and could barely put it down to eat. This book is absolutely recommended for anyone at all interested in security concepts as well as system administrators or anyone who would need to understand the way that information exists and persists on computer systems.

---

- More informative than books twice its size
This book is full of information on every single step involved in forensic incident response. I've had articles published on this same topic, and found this book informative above and beyond my prior research and industry experience. If you haven't had much IR experience on the UNIX side, you need this book.

---

- Superb forensics book on evidence discovery
I enjoyed the book ("Forensic Discovery") since it came when I was preparing for my SANS forensics certification (GCFA). Obviously, the "household" names on the cover caught my attention as well. I used TCT and other tools created by the authors and thus my expectations for the book were pretty high. It did deliver! I picked up a whole lot of tidbits on file system forensics as well as malware and compromised system investigation. Unlike some other volumes, this book does not seek to be comprehensive; instead, it focuses on the fun things and focuses on them well.

In particular, I liked authors' ideas and tips on the OOV (order of volatility) of evidence. While not new, they are extremely well-presented in the book. Other highly useful sections were the ones on time stamps and their analysis and file deletion analysis (with thorough persistence of deleted file analysis). I did not like the sections on malware analysis that much, likely because some other book go way more in-depth then this one (like, for example recent Szor's book on viruses).

The book mostly covers Unix, Windows is also mentioned a couple of times.

Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA is a Security Strategist with a major security company. He is an author of the book "Security Warrior" and a contributor to "Know Your Enemy II". In his spare time, he maintains his security portal info-secure.org

---