PRACTICAL LINUX FORENSICS
A Guide for Digital Investigators
by Bruce Nikkel
San Francisco

PRACTICAL LINUX FORENSICS. Copyright © 2022 by Bruce Nikkel.

All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher.

Printed in the United States of America
Second printing
26 25 24 23 22   2 3 4 5 6 7 8 9

ISBN-13: 9781718501966 (print)
ISBN-13: 9781718501973 (ebook)

Publisher: William Pollock
Managing Editor: Jill Franklin
Production Manager: Rachel Monaghan
Production Editor: Miles Bond
Developmental Editor: Jill Franklin
Interior and Cover Design: Octopod Studios
Cover Illustrator: James L. Barry
Technical Reviewer: Don Frick
Copyeditor: George Hale
Production Services: Octal Publishing, Inc.

For information on book distributors or translations, please contact No Starch Press, Inc. directly:
No Starch Press, Inc.
245 8th Street, San Francisco, CA 94103
phone: 1.415.863.9900; [email protected]
www.nostarch.com

Library of Congress Cataloging-in-Publication Data
Names: Nikkel, Bruce, author.
Title: Practical Linux forensics : a guide for digital investigators / by Bruce Nikkel.
Description: San Francisco : No Starch Press, [2022] | Includes index.
Identifiers: LCCN 2021031364 (print) | LCCN 2021031365 (ebook) | ISBN 9781718501966 (paperback) | ISBN 9781718501973 (ebook)
Subjects: LCSH: Digital forensic science. | Linux. | Computer crimes--Investigation. | Data recovery (Computer science)
Classification: LCC HV8079.C65 N56 2022 (print) | LCC HV8079.C65 (ebook) | DDC 363.25/968--dc23
LC record available at https://lccn.loc.gov/2021031364
LC ebook record available at https://lccn.loc.gov/2021031365

No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Other product and company names mentioned herein may be the trademarks of their respective owners. Rather than use a trademark symbol with every occurrence of a trademarked name, we are using the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.

The information in this book is distributed on an "As Is" basis, without warranty. While every precaution has been taken in the preparation of this work, neither the author nor No Starch Press, Inc. shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in it.

This book is dedicated to everyone who provided motivation, support, guidance, mentoring, inspiration, encouragement, critiques, wisdom, tools, techniques, and research—all of which influenced and helped with the creation of this book.

About the Author

Bruce Nikkel is a professor at the Bern University of Applied Sciences in Switzerland, specializing in digital forensics and cybercrime. He is cohead of the university's research institute for cybersecurity and engineering, and director of the master's program in Digital Forensics and Cyber Investigation. In addition to his academic work, he has worked in risk and security departments at a global financial institution since 1997. He headed the bank's Cybercrime Intelligence & Forensic Investigation team for more than 15 years and currently works as an advisor. Bruce holds a PhD in network forensics, is the author of Practical Forensic Imaging (No Starch Press, 2016), and is an editor with Forensic Science International's Digital Investigation journal. He has been a Unix and Linux enthusiast since the 1990s.

About the Technical Reviewer

Don Frick started his career as an IT forensics consultant for a Big Four firm, collecting evidence and conducting investigations for clients across Europe, and eventually came to lead the Forensic Technology team based in Zurich. He later moved to New York to open a forensic lab for a major global financial institution. As part of the bank's Cybercrime Intelligence & Forensic Investigation team, he has worked on a wide range of investigations. He enjoys tinkering with hardware and different operating systems (Linux, macOS, Windows) in his free time.

BRIEF CONTENTS

Introduction ........................................................ xvii
Chapter 1: Digital Forensics Overview ................................ 1
Chapter 2: Linux Overview ............................................ 11
Chapter 3: Evidence from Storage Devices and Filesystems ............. 31
Chapter 4: Directory Layout and Forensic Analysis of Linux Files ..... 83
Chapter 5: Investigating Evidence from Linux Logs .................... 115
Chapter 6: Reconstructing System Boot and Initialization ............. 145
Chapter 7: Examination of Installed Software Packages ................ 183
Chapter 8: Identifying Network Configuration Artifacts ............... 225
Chapter 9: Forensic Analysis of Time and Location .................... 255
Chapter 10: Reconstructing User Desktops and Login Activity .......... 273
Chapter 11: Forensic Traces of Attached Peripheral Devices ........... 325
Afterword ............................................................ 339
Appendix: File/Directory List for Digital Investigators .............. 343
Index ................................................................ 361