{"product_id":"linux-forensics-paperback","title":"Linux Forensics - Paperback","description":"\u003cp\u003eby \u003cb\u003ePhilip Polstra\u003c\/b\u003e (Author)\u003c\/p\u003e\u003cp\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eLinux Forensics\u003c\/b\u003e is the most comprehensive and up-to-date resource for those wishing to quickly and efficiently perform forensics on Linux systems. It is also a great asset for anyone that would like to better understand Linux internals.\u003c\/p\u003e \u003cp\u003e\u003cb\u003eLinux Forensics\u003c\/b\u003e will guide you step by step through the process of investigating a computer running Linux. Everything you need to know from the moment you receive the call from someone who thinks they have been attacked until the final report is written is covered in this book. All of the tools discussed in this book are free and most are also open source.\u003c\/p\u003e \u003cp\u003eDr. Philip Polstra shows how to leverage numerous tools such as Python, shell scripting, and MySQL to quickly, easily, and accurately analyze Linux systems. While readers will have a strong grasp of Python and shell scripting by the time they complete this book, no prior knowledge of either of these scripting languages is assumed. \u003cb\u003eLinux Forensics\u003c\/b\u003e begins by showing you how to determine if there was an incident with minimally invasive techniques. Once it appears likely that an incident has occurred, Dr. Polstra shows you how to collect data from a live system before shutting it down for the creation of filesystem images. \u003c\/p\u003e \u003cp\u003e\u003cb\u003eLinux Forensics\u003c\/b\u003e contains extensive coverage of Linux ext2, ext3, and ext4 filesystems. A large collection of Python and shell scripts for creating, mounting, and analyzing filesystem images are presented in this book. Dr. Polstra introduces readers to the exciting new field of memory analysis using the Volatility framework. Discussions of advanced attacks and malware analysis round out the book.\u003c\/p\u003e \u003cp\u003e\u003cb\u003eBook Highlights\u003c\/b\u003e \u003c\/p\u003e\u003cul\u003e \u003cli\u003e370 pages in large, easy-to-read 8.5 x 11 inch format\u003c\/li\u003e \u003cli\u003eOver 9000 lines of Python scripts with explanations\u003c\/li\u003e \u003cli\u003eOver 800 lines of shell scripts with explanations\u003c\/li\u003e \u003cli\u003eA 102 page chapter containing up-to-date information on the ext4 filesystem\u003c\/li\u003e \u003cli\u003eTwo scenarios described in detail with images available from the book website\u003c\/li\u003e \u003cli\u003eAll scripts and other support files are available from the book website\u003c\/li\u003e \u003c\/ul\u003e  \u003cp\u003e\u003cb\u003eChapter Contents\u003c\/b\u003e \u003c\/p\u003e\u003col\u003e \u003cli\u003eFirst Steps \u003cul\u003e\n\u003cli\u003eGeneral Principles\u003c\/li\u003e\n\u003cli\u003ePhases of Investigation\u003c\/li\u003e\n\u003cli\u003eHigh-level Process\u003c\/li\u003e\n\u003cli\u003eBuilding a Toolkit\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003c\/li\u003e \u003cli\u003eDetermining If There Was an Incident\u003cul\u003e\n\u003cli\u003eOpening a Case\u003c\/li\u003e\n\u003cli\u003eTalking to Users\u003c\/li\u003e\n\u003cli\u003eDocumenation\u003c\/li\u003e\n\u003cli\u003eMounting Known-good Binaries\u003c\/li\u003e\n\u003cli\u003eMinimizing Disturbance to the Subject\u003c\/li\u003e\n\u003cli\u003eAutomation With Scripting\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003c\/li\u003e \u003cli\u003eLive Analysis\u003cul\u003e\n\u003cli\u003eGetting Metadata\u003c\/li\u003e\n\u003cli\u003eUsing Spreadsheets\u003c\/li\u003e\n\u003cli\u003eGetting Command Histories\u003c\/li\u003e\n\u003cli\u003eGetting Logs\u003c\/li\u003e\n\u003cli\u003eUsing Hashes\u003c\/li\u003e\n\u003cli\u003eDumping RAM\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003c\/li\u003e \u003cli\u003eCreating Images\u003cul\u003e\n\u003cli\u003eShutting Down the System\u003c\/li\u003e\n\u003cli\u003eImage Formats\u003c\/li\u003e\n\u003cli\u003eDD\u003c\/li\u003e\n\u003cli\u003eDCFLDD\u003c\/li\u003e\n\u003cli\u003eWrite Blocking\u003c\/li\u003e\n\u003cli\u003eImaging Virtual Machines\u003c\/li\u003e\n\u003cli\u003eImaging Physical Drives\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003c\/li\u003e \u003cli\u003eMounting Images\u003cul\u003e\n\u003cli\u003eMaster Boot Record Based Partions\u003c\/li\u003e\n\u003cli\u003eGUID Partition Tables\u003c\/li\u003e\n\u003cli\u003eMounting Partitions In Linux\u003c\/li\u003e\n\u003cli\u003eAutomating With Python\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003c\/li\u003e \u003cli\u003eAnalyzing Mounted Images\u003cul\u003e\n\u003cli\u003eGetting Timestamps\u003c\/li\u003e\n\u003cli\u003eUsing LibreOffice\u003c\/li\u003e\n\u003cli\u003eUsing MySQL\u003c\/li\u003e\n\u003cli\u003eCreating Timelines\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003c\/li\u003e \u003cli\u003eExtended Filesystems\u003cul\u003e\n\u003cli\u003eBasics\u003c\/li\u003e\n\u003cli\u003eSuperblocks\u003c\/li\u003e\n\u003cli\u003eFeatures\u003c\/li\u003e\n\u003cli\u003eUsing Python\u003c\/li\u003e\n\u003cli\u003eFinding Things That Are Out Of Place\u003c\/li\u003e\n\u003cli\u003eInodes\u003c\/li\u003e\n\u003cli\u003eJournaling\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003c\/li\u003e \u003cli\u003eMemory Analysis\u003cul\u003e\n\u003cli\u003eVolatility\u003c\/li\u003e\n\u003cli\u003eCreating Profiles\u003c\/li\u003e\n\u003cli\u003eLinux Commands\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003c\/li\u003e \u003cli\u003eDealing With More Advanced Attackers\u003c\/li\u003e \u003cli\u003eMalware\u003cul\u003e\n\u003cli\u003eIs It Malware?\u003c\/li\u003e\n\u003cli\u003eMalware Analysis Tools\u003c\/li\u003e\n\u003cli\u003eStatic Analysis\u003c\/li\u003e\n\u003cli\u003eDynamic Analysis\u003c\/li\u003e\n\u003cli\u003eObfuscation\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003c\/li\u003e \u003cli\u003eThe Road Ahead\u003cul\u003e\n\u003cli\u003eLearning More\u003c\/li\u003e\n\u003cli\u003eCommunities\u003c\/li\u003e\n\u003cli\u003eConferences\u003c\/li\u003e\n\u003cli\u003eCertifications\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003c\/li\u003e \u003c\/ol\u003e\u003ch3\u003eAuthor Biography\u003c\/h3\u003e\u003cp\u003e\u003c\/p\u003e\u003cp\u003eDr. Philip Polstra (known to his friends as Dr. Phil) is an internationally recognized hardware hacker. His work has been presented at numerous conferences around the globe including repeat performances at DEFCON (six presentations in four years), BlackHat, 44CON, GrrCON, MakerFaire, ForenSecure, and other top conferences. Dr. Polstra is a well-known expert on USB forensics and has published several articles on this topic. He has developed a number of video courses including ones on Linux forensics, USB forensics, and reverse engineering. \u003c\/p\u003e\u003cp\u003eDr. Polstra has developed degree programs in digital forensics and ethical hacking while serving as a professor and Hacker in Residence at a private university in the Midwestern United States. He currently teaches in one of the top Digital Forensics degree programs in the United States at Bloomsburg University of Pennsylvania. In addition to teaching, he provides training and performs penetration tests on a consulting basis. When not working, he has been known to fly, build aircraft, and tinker with electronics. He is an accomplished aviator with thousands of hours of flight time and a dozen ratings as a pilot, flight instructor, mechanic, aircraft inspector, and avionics specialist. His latest happenings can be found on his website http: \/\/philpolstra.com. You can also follow him at @ppolstra on Twitter. \u003c\/p\u003e\u003cp\u003eDr. Polstra authored \u003cb\u003eHacking and Penetration Testing with Low Power Devices\u003c\/b\u003e (Syngress, 2014) in which he showed the world how to easily build drop boxes, hacking consoles, and remote hacking drones with the BeagleBone Black and similar devices. In the course of creating these devices he developed his own Linux, \u003ci\u003eDeck Linux\u003c\/i\u003e, which is optimized for security testing with ARM-based devices. Techniques described in this book permit security penetration tests to be performed with multiple, possibly battery powered, devices which are controlled by a user up to two miles away from the target organization. \u003c\/p\u003e\u003cp\u003eHis latest book, \u003cb\u003eLinux Forensics\u003c\/b\u003e (Pentester Academy, 2015), is the most comprehensive and up-to-date resource available to anyone wishing to perform forensics on Linux systems. The first printing of this book sold out in under twenty five hours. This book is considered a must have by a number of forensic investigators around the world.\u003c\/p\u003e\u003cdiv\u003e\n\u003cstrong\u003eNumber of Pages:\u003c\/strong\u003e 370\u003c\/div\u003e\u003cdiv\u003e\n\u003cstrong\u003eDimensions:\u003c\/strong\u003e 0.77 x 11.02 x 8.5 IN\u003c\/div\u003e\u003cdiv\u003e\n\u003cstrong\u003ePublication Date:\u003c\/strong\u003e July 13, 2015\u003c\/div\u003e","brand":"Books by splitShops","offers":[{"title":"Default Title","offer_id":42716318007359,"sku":"9781515037637","price":79.38,"currency_code":"USD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0105\/8226\/1823\/files\/e9f6dc923b6dc36cc0f61cc6ca9eeea5.webp?v=1765074492","url":"https:\/\/dhlswag.com\/products\/linux-forensics-paperback","provider":"BBB","version":"1.0","type":"link"}