Windows Forensics: The Field Guide for Corporate Computer Investigations Review

Average Reviews:

(More customer reviews)Are you looking to buy Windows Forensics: The Field Guide for Corporate Computer Investigations? Here is the right place to find the great deals. we can offer discounts of up to 90% on Windows Forensics: The Field Guide for Corporate Computer Investigations. Check out the link below:

>> Click Here to See Compare Prices and Get the Best Offers

Windows Forensics: The Field Guide for Corporate Computer Investigations ReviewI decided to read and review three digital forensics books in order to gauge their strengths and weaknesses: "File System Forensic Analysis" (FSFA) by Brian Carrier, "Windows Forensics" (WF) by Chad Steel, and "EnCase Computer Forensics" (ECF) by Steve Bunting and William Wei. All three books contain the word "forensics" in the title, but they are very different. If you want authoritative and deeply technical guidance on understanding file systems, read FSFA. If you want to focus on understanding Windows from an investigator's standpoint, read WA. If you want to know more about EnCase (and are willing to tolerate or ignore information about forensics itself), read ECF.
In the spirit of full disclosure I should mention I am co-author of a forensics book ("Real Digital Forensics") and Brian Carrier cites my book "The Tao of Network Security Monitoring" on p 10. I tried to not let those facts sway my reviews.
WF is a great guide to forensic investigation of Windows. By this I mean WF presents Windows from the perspective of the important directories, files, and registry entries that help an analyst discover malfeasance. WF also covers some of the core applications one would expect to review during host-based forensics, like email, Web browsing history, and P2P application usage. I expected coverage of popular Windows application formats relevant to investigations, like .doc, .ppt, and .xls, but those were missing.
WF addresses the core operational aspects of host-centric forensics, like forming a team and acquiring evidence from live and dead targets. I did not think these sections were as good as material from what I consider the book best suited for all-around hands-on forensic use -- "Incident Response: Computer Forensics, 2nd Ed" by Mandia, Prosise, and Pepe. Live response is one area where I thought WF didn't shine too brightly. I did like the frequent mini-case studies which shared stories from the author's investigative experiences.
A few other aspects of WF resulted in me offering a four star review. I thought the discussion of "vampire taps" on p 157 revealed a real lack of contact with modern network monitoring methods. I don't know anyone who uses or recommends such a contraption in an era of network taps. I continue to question the need to build so-called "sniffing cables," especially when proper interface configuration serves the same purpose. Furthermore, a remotely managed sensor will not be able to hide its traffic on the network anyway, so savvy intruders can usually find them (unless a completely separate management network is run out-of-band). "Chapter 7" was also way too short -- 2 pages!
Although I liked the case studies, I thought there were far too many "gray box" entries. These contain useful hints, but their frequent appearance sometimes interrupted flow of the book. This indicates a need for better organization. Finally, I felt the recent Syngress book "Winternals" did a decent job explaining how to analyze malware, rootkits, and rogue processes on Windows. WF didn't explore this key aspect of Windows incident response.
Overall, however, I would recommend reading WF if you need to understand data sources from Windows systems. I suggest concentrating on the sections that explain where you'll find quality information on Windows, and rely on other sources for generic forensics guidance. I could see readers using WF as a primer for learning about key Windows artifacts, then searching for them in the image files in "Real Digital Forensics."Windows Forensics: The Field Guide for Corporate Computer Investigations OverviewThe evidence is in--to solve Windows crime, you need Windows toolsAn arcane pursuit a decade ago, forensic science today is a household term. And while the computer forensic analyst may not lead as exciting a life as TV's CSIs do, he or she relies just as heavily on scientific principles and just as surely solves crime.Whether you are contemplating a career in this growing field or are already an analyst in a Unix/Linux environment, this book prepares you to combat computer crime in the Windows world. Here are the tools to help you recover sabotaged files, track down the source of threatening e-mails, investigate industrial espionage, and expose computer criminals.* Identify evidence of fraud, electronic theft, and employee Internet abuse* Investigate crime related to instant messaging, Lotus Notes(r), and increasingly popular browsers such as Firefox(r)* Learn what it takes to become a computer forensics analyst* Take advantage of sample forms and layouts as well as case studies* Protect the integrity of evidence* Compile a forensic response toolkit* Assess and analyze damage from computer crime and process the crime scene* Develop a structure for effectively conducting investigations* Discover how to locate evidence in the Windows Registry

Want to learn more information about Windows Forensics: The Field Guide for Corporate Computer Investigations?

>> Click Here to See All Customer Reviews & Ratings Now

Read More...

UNIX and Linux Forensic Analysis DVD Toolkit Review

Average Reviews:

(More customer reviews)Are you looking to buy UNIX and Linux Forensic Analysis DVD Toolkit? Here is the right place to find the great deals. we can offer discounts of up to 90% on UNIX and Linux Forensic Analysis DVD Toolkit. Check out the link below:

>> Click Here to See Compare Prices and Get the Best Offers

UNIX and Linux Forensic Analysis DVD Toolkit ReviewThe title may mislead readers to believe that this book discusses actual forensics of Unix and Linux systems. It does not. The authors waste precious pages in this short book discussing their favorite cool Linux apps like Nessus and Metasploit but don't have any meaningful discussion about the various flavors of Unix: AIX, Solaris, *BSD, etc. Their "Unix and Linux" forensic book is almost entirely about Linux. There is no thoughtful discussion about filesystem forensics; no technical detail helpful to Forensic Examiners.
The few moments where the authors approach a meaningful forensic topic, the reader is redirected to an online resource rather than provided an analysis or explanation within the book.
The book title may lead readers to believe that an accompanying DVD contains a Unix forensic toolkit of some kind. In fact, there is only 1.8 MB of documents and no tools save for a few (4) short Bash scripts that hardly cover a thorough forensics examination: live or otherwise. One of the scripts is only one line. One of these documents is an incomplete 3.5 page summary of Sleuthkit tools. By "incomplete" I mean that it is apparent that the author decided to quit writing. Apparently there was no room in this 236 page, 14-gauge font book to cover in any detail the different Unix filesystems, data acquisition, data carving or static filesystem analysis. But the authors make plenty of room to discuss scanning with Unix tools (nmap, nessus, etc.).
There is a section entitled "Malware" except that no malware sample is actually examined. The reader is briefly introduced to Panda's AV scanner and is walked through how to use ClamAV as if that is the only AV scanner available for either a Unix user or Forensic Examiner. Forensic Examiners should pay very close attention to AntiVirus product comparative reviews.
The book cover boasts that this is the "only digital forensic analysis book for *nix". Indeed there may be little in the way of books solely dedicated to Unix forensics but other books cover Unix forensics with greater detail than this one. For example, Brian Carrier's "Filesystem Forensic Analysis" or Jones, Bejtlich and Rose's "Real Digital Forensics".
The book cover also boasts that readers can "Hit the ground running" with the information within. Unfortunately, if readers expect the content to help them bridge a gap between Windows and Unix, they will hit the ground with a resounding thud. If any Forensics Examiner finds value in the content of this book for actual Unix forensic investigations, I would question that examiner's experience and training.
If the authors wanted to write a book about cool Linux tools or network scanning, they should have entitled the book differently. Perhaps "A Beginner's Guide to Using Linux and Linux Security Applications".
I felt the title was misleading and false advertising. The authors take advantage of the word "Forensics" to sell a book that is not about forensics. For $53.95 I expected much more and was extremely disappointed and disgusted at the inferiority of the content.UNIX and Linux Forensic Analysis DVD Toolkit OverviewThis book addresses topics in the area of forensic analysis of systems running on variants of the UNIX operating system, which is the choice of hackers for their attack platforms. According to a 2007 IDC report, UNIX servers account for the second-largest segment of spending (behind Windows) in the worldwide server market with $4.2 billion in 2Q07, representing 31.7% of corporate server spending. UNIX systems have not been analyzed to any significant depth largely due to a lack of understanding on the part of the investigator, an understanding and knowledge base that has been achieved by the attacker. The companion DVD provides a simulated or "live" UNIX environment where readers can test the skills they've learned in the book and use custom tools developed by the authors.The book begins with a chapter to describe why and how the book was written, and for whom, and then immediately begins addressing the issues of live response (volatile) data collection and analysis.The book continues by addressing issues of collecting and analyzing the contents of physical memory (i.e., RAM).The following chapters address /proc analysis, revealing the wealth of significant evidence, and analysis of files created by or on UNIX systems.Then the book addresses the underground world of UNIX hacking and reveals methods and techniques used by hackers, malware coders, and anti-forensic developers.The book then illustrates to the investigator how to analyze these files and extract the information they need to perform a comprehensive forensic analysis.The final chapter includes a detailed discussion of Loadable Kernel Modules and Malware. The companion DVD provides a simulated or "live" UNIX environment where readers can test the skills they've learned in the book and use custom tools developed by the authors.Throughout the book the author provides a wealth of unique information, providing tools, techniques and information that won't be found anywhere else.Not only are the tools provided, but the author also provides sample files so that after completing a detailed walk-through, the reader can immediately practice the new-found skills.* The companion DVD for the book contains significant, unique materials (movies, spreadsheet, code, etc.) not available any place else.* This book contains information about UNIX forensic analysis that is not available anywhere else. Much of the information is a result of the author's own unique research and work.* The authors have the combined experience of Law Enforcement, Military, and Corporate forensics. This unique perspective makes this book attractive to ALL forensic investigators.

Want to learn more information about UNIX and Linux Forensic Analysis DVD Toolkit?

>> Click Here to See All Customer Reviews & Ratings Now

Read More...

Android Forensics: Investigation, Analysis and Mobile Security for Google Android Review

Average Reviews:

(More customer reviews)Are you looking to buy Android Forensics: Investigation, Analysis and Mobile Security for Google Android? Here is the right place to find the great deals. we can offer discounts of up to 90% on Android Forensics: Investigation, Analysis and Mobile Security for Google Android. Check out the link below:

>> Click Here to See Compare Prices and Get the Best Offers

Android Forensics: Investigation, Analysis and Mobile Security for Google Android ReviewAs Brian Carrier is to file system forensics and Harlan Carvey is to Windows registry analysis, Andrew Hoog is to the Android operating system. The level of detail in this book demonstrates a deep understanding of this complex and unique operating system. Chapter 1 begins with an overview of both Android and Linux in general. Instructions are provided for creating a virtual machine environment so the reader can follow along with the examples in the book. Throughout, the reader is encouraged to follow along, and ample opportunities are provided. This is highly appreciated as most technical books overwhelm the reader with information rather than guide them along the way. Chapter 2 presents an overview of the hardware that is supported by the Android OS. Chapter 3 begins the discussion of the Android OS proper. Included in this chapter are instructions on augmenting the previously created VM with the Android SDK providing additional tools for use in analysis. Chapter 4 is devoted to discussing the file systems likely to be encountered in the Android environment. Special attention is paid to YAFFS and YAFFS2. Chapter 5 discusses securing the data within the device. Also presented are recommendations for securely using Android devices in an enterprise environment. Additional advice is given for both users and developers to limit the exposure of sensitive data. Chapter 6 covers the most significant portion of the book with instructions on acquiring the data from device. Logical and physical acquisitions from the handset as well as the removable storage are discussed. The issue of passcode circumvention is discussed along with potential solutions. Chapter 7 finishes with timeline analysis techniques for the YAFFS file system and the FAT file system. Additional locations of interest to both security researchers and forensic analysts are also presented. Overall the book is enjoyable to read and will be a valuable asset for both forensic analysts and researchers.Android Forensics: Investigation, Analysis and Mobile Security for Google Android Overview
The open source nature of the platform has not only established a new direction for the industry, but enables a developer or forensic analyst to understand the device at the most fundamental level. Android Forensics covers an open source mobile device platform based on the Linux 2.6 kernel and managed by the Open Handset Alliance. The Android platform is a major source of digital forensic investigation and analysis. This book provides a thorough review of the Android platform including supported hardware devices, the structure of the Android development project and implementation of core services (wireless communication, data storage and other low-level functions). Finally, it will focus on teaching readers how to apply actual forensic techniques to recover data.

Ability to forensically acquire Android devices using the techniques outlined in the book
Detailed information about Android applications needed for forensics investigations
Important information about SQLite, a file based structured data storage relevant for both Android and many other platforms.


Want to learn more information about Android Forensics: Investigation, Analysis and Mobile Security for Google Android?

>> Click Here to See All Customer Reviews & Ratings Now

Read More...