
Bruce Nikkel - Practical Linux Forensics: A Guide for Digital Investigators

  • Book: Practical Linux Forensics: A Guide for Digital Investigators
  • Author: Bruce Nikkel
  • Publisher: No Starch Press
  • Genre: Computer
  • Year: 2021

Practical Linux Forensics: A Guide for Digital Investigators: description


A resource to help forensic investigators locate, analyze, and understand digital evidence found on modern Linux systems after a crime, security incident or cyber attack.

Practical Linux Forensics dives into the technical details of analyzing postmortem forensic images of Linux systems which have been misused, abused, or the target of malicious attacks. It helps forensic investigators locate and analyze digital evidence found on Linux desktops, servers, and IoT devices. Throughout the book, you learn how to identify digital artifacts which may be of interest to an investigation, draw logical conclusions, and reconstruct past activity from incidents. You'll learn how Linux works from a digital forensics and investigation perspective, and how to interpret evidence from Linux environments. The techniques shown are intended to be independent of the forensic analysis platforms and tools used.

Learn how to:

  • Extract evidence from storage devices and analyze partition tables, volume managers, popular Linux filesystems (Ext4, Btrfs, and Xfs), and encryption
  • Investigate evidence from Linux logs, including traditional syslog, the systemd journal, kernel and audit logs, and logs from daemons and applications
  • Reconstruct the Linux startup process, from boot loaders (UEFI and Grub) and kernel initialization, to systemd unit files and targets leading up to a graphical login
  • Perform analysis of power, temperature, and the physical environment of a Linux machine, and find evidence of sleep, hibernation, shutdowns, reboots, and crashes
  • Examine installed software, including distro installers, package formats, and package management systems from Debian, Fedora, SUSE, Arch, and other distros
  • Perform analysis of time and Locale settings, internationalization including language and keyboard settings, and geolocation on a Linux system
  • Reconstruct user login sessions (shell, X11 and Wayland), desktops (Gnome, KDE, and others) and analyze keyrings, wallets, trash cans, clipboards, thumbnails, recent files and other desktop artifacts
  • Analyze network configuration, including interfaces, addresses, network managers, DNS, wireless artifacts (Wi-Fi, Bluetooth, WWAN), VPNs (including WireGuard), firewalls, and proxy settings
  • Identify traces of attached peripheral devices (PCI, USB, Thunderbolt, Bluetooth) including external storage, cameras, and mobiles, and reconstruct printing and scanning activity


PRACTICAL LINUX FORENSICS

A Guide for Digital Investigators

by Bruce Nikkel

San Francisco

PRACTICAL LINUX FORENSICS. Copyright 2022 by Bruce Nikkel

All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher.

Printed in the United States of America

First printing

25 24 23 22 21 1 2 3 4 5 6 7 8 9

ISBN-13: 978-1-7185-0196-6 (print)
ISBN-13: 978-1-7185-0197-3 (ebook)

Publisher: William Pollock
Managing Editor: Jill Franklin
Production Manager: Rachel Monaghan
Production Editor: Miles Bond
Developmental Editor: Jill Franklin
Interior and Cover Design: Octopod Studios
Cover Illustrator: James L. Barry
Technical Reviewer: Don Frick
Copyeditor: George Hale
Production Services: Octal Publishing, Inc.

For information on book distributors or translations, please contact No Starch Press, Inc. directly:
No Starch Press, Inc.
245 8th Street, San Francisco, CA 94103
phone: 1.415.863.9900;
www.nostarch.com

Library of Congress Cataloging-in-Publication Data

Names: Nikkel, Bruce, author.
Title: Practical Linux forensics : a guide for digital investigators / by
Bruce Nikkel.
Description: San Francisco : no starch press, [2022] | Includes index. |
Identifiers: LCCN 2021031364 (print) | LCCN 2021031365 (ebook) | ISBN
9781718501966 (paperback) | ISBN 9781718501973 (ebook)
Subjects: LCSH: Digital forensic science. | Linux. | Computer
crimes--Investigation. | Data recovery (Computer science)
Classification: LCC HV8079.C65 N56 2022 (print) | LCC HV8079.C65 (ebook)
| DDC 363.25/968--dc23
LC record available at https://lccn.loc.gov/2021031364
LC ebook record available at https://lccn.loc.gov/2021031365

No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Other product and company names mentioned herein may be the trademarks of their respective owners. Rather than use a trademark symbol with every occurrence of a trademarked name, we are using the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.

The information in this book is distributed on an As Is basis, without warranty. While every precaution has been taken in the preparation of this work, neither the author nor No Starch Press, Inc. shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in it.

This book is dedicated to everyone who provided motivation, support, guidance, mentoring, inspiration, encouragement, critiques, wisdom, tools, techniques, and research, all of which influenced and helped with the creation of this book.

About the Author

Bruce Nikkel is a professor at the Bern University of Applied Sciences in Switzerland, specializing in digital forensics and cybercrime. He is co-head of the university's research institute for cybersecurity and engineering, and director of the master's program in Digital Forensics and Cyber Investigation. In addition to his academic work, he has worked in risk and security departments at a global financial institution since 1997. He headed the bank's Cybercrime Intelligence & Forensic Investigation team for more than 15 years and currently works as an advisor. Bruce holds a PhD in network forensics, is the author of Practical Forensic Imaging (No Starch Press, 2016), and is an editor with Forensic Science International's Digital Investigation journal. He has been a Unix and Linux enthusiast since the 1990s.

About the Technical Reviewer

Don Frick started his career as an IT forensics consultant for a Big Four firm, collecting evidence and conducting investigations for clients across Europe, and eventually came to lead the Forensic Technology team based in Zurich. He later moved to New York to open a forensic lab for a major global financial institution. As part of the bank's Cybercrime Intelligence & Forensic Investigation team, he has worked on a wide range of investigations. He enjoys tinkering with hardware and different operating systems (Linux, macOS, Windows) in his free time.

INTRODUCTION

Welcome to Practical Linux Forensics: A Guide for Digital Investigators. This book covers a variety of methods and techniques for finding and analyzing digital evidence found on modern Linux systems. Among digital forensic investigators, the phrase "Linux forensics" may have one of two meanings. In one case, it refers to using Linux as a digital forensics platform to perform acquisition or analysis of any target system under investigation (which could be Windows, Mac, Linux, or any other operating system). In this book, however, Linux forensics refers to analyzing or examining a suspect Linux system as the target of an investigation (independent of the platform or tools used).

I will focus on identifying common artifacts found on various Linux distributions (distros) and how to analyze them in the context of a forensic investigation. The forensic analysis methods described in this book are independent of the tools used and will benefit users of FTK, X-Ways, EnCase, or any other forensic analysis tool suite. The tools I use in the examples and illustrations tend to be Linux-based, but the concepts remain fully tool independent.

Why I Wrote This Book

In some ways, this book is a logical continuation of my first book, Practical Forensic Imaging (No Starch Press, 2016). After performing a forensic acquisition of a system and securing a drive image, analysis is the next step performed in a typical digital forensic investigation. This book dives into the technical details of analyzing forensic images of Linux systems.

There are many books on Windows and even Mac forensic analysis, but few books focus on the analysis of a Linux system as the target of an investigation. Even fewer focus specifically on postmortem (dead disk) analysis of modern Linux installations. I've been hearing digital forensic investigators in the community increasingly comment: "We are starting to get more Linux images in our lab, but we don't know exactly what to look for." Such comments are coming both from forensic labs in the private sector (corporations) and the public sector (law enforcement). This book is intended to provide a resource that addresses this growing area of interest. It will help forensic investigators find and extract digital evidence found on Linux systems, reconstruct past activity, draw logical conclusions, and write comprehensive forensic evidence reports of their analysis.

Another reason for writing this book is out of personal interest and motivation to better understand the internals of modern Linux systems. Over the past decade, significant advancements in Linux distributions have changed how Linux forensic analysis is performed. I teach classes in both digital forensics and Linux at the Bern University of Applied Sciences in Switzerland, and writing this book has helped me stay current on those topics.
