Linux Forensics (Paperback)

Philip Polstra

  • 出版商: CreateSpace Independ
  • 出版日期: 2015-07-13
  • 售價: $1,940
  • 貴賓價: 9.5$1,843
  • 語言: 英文
  • 頁數: 370
  • 裝訂: Paperback
  • ISBN: 1515037630
  • ISBN-13: 9781515037637
  • 相關分類: Linux
  • 海外代購書籍(需單獨結帳)

買這商品的人也買了...

商品描述

Linux Forensics is the most comprehensive and up-to-date resource for those wishing to quickly and efficiently perform forensics on Linux systems. It is also a great asset for anyone that would like to better understand Linux internals.

Linux Forensics will guide you step by step through the process of investigating a computer running Linux. Everything you need to know from the moment you receive the call from someone who thinks they have been attacked until the final report is written is covered in this book. All of the tools discussed in this book are free and most are also open source.

Dr. Philip Polstra shows how to leverage numerous tools such as Python, shell scripting, and MySQL to quickly, easily, and accurately analyze Linux systems. While readers will have a strong grasp of Python and shell scripting by the time they complete this book, no prior knowledge of either of these scripting languages is assumed. Linux Forensics begins by showing you how to determine if there was an incident with minimally invasive techniques. Once it appears likely that an incident has occurred, Dr. Polstra shows you how to collect data from a live system before shutting it down for the creation of filesystem images.

Linux Forensics contains extensive coverage of Linux ext2, ext3, and ext4 filesystems. A large collection of Python and shell scripts for creating, mounting, and analyzing filesystem images are presented in this book. Dr. Polstra introduces readers to the exciting new field of memory analysis using the Volatility framework. Discussions of advanced attacks and malware analysis round out the book.

Book Highlights

  • 370 pages in large, easy-to-read 8.5 x 11 inch format
  • Over 9000 lines of Python scripts with explanations
  • Over 800 lines of shell scripts with explanations
  • A 102 page chapter containing up-to-date information on the ext4 filesystem
  • Two scenarios described in detail with images available from the book website
  • All scripts and other support files are available from the book website

Chapter Contents

  1. First Steps
    • General Principles
    • Phases of Investigation
    • High-level Process
    • Building a Toolkit
  2. Determining If There Was an Incident
    • Opening a Case
    • Talking to Users
    • Documenation
    • Mounting Known-good Binaries
    • Minimizing Disturbance to the Subject
    • Automation With Scripting
  3. Live Analysis
    • Getting Metadata
    • Using Spreadsheets
    • Getting Command Histories
    • Getting Logs
    • Using Hashes
    • Dumping RAM
  4. Creating Images
    • Shutting Down the System
    • Image Formats
    • DD
    • DCFLDD
    • Write Blocking
    • Imaging Virtual Machines
    • Imaging Physical Drives
  5. Mounting Images
    • Master Boot Record Based Partions
    • GUID Partition Tables
    • Mounting Partitions In Linux
    • Automating With Python
  6. Analyzing Mounted Images
    • Getting Timestamps
    • Using LibreOffice
    • Using MySQL
    • Creating Timelines
  7. Extended Filesystems
    • Basics
    • Superblocks
    • Features
    • Using Python
    • Finding Things That Are Out Of Place
    • Inodes
    • Journaling
  8. Memory Analysis
    • Volatility
    • Creating Profiles
    • Linux Commands
  9. Dealing With More Advanced Attackers
  10. Malware
    • Is It Malware?
    • Malware Analysis Tools
    • Static Analysis
    • Dynamic Analysis
    • Obfuscation
  11. The Road Ahead
    • Learning More
    • Communities
    • Conferences
    • Certifications

商品描述(中文翻譯)

《Linux Forensics》是目前最全面且最新的資源,適合那些希望快速且有效地在Linux系統上進行鑑識的人。對於任何想更好地了解Linux內部運作的人來說,這也是一個很好的資源。

《Linux Forensics》將逐步引導您進行Linux系統的調查過程。從接到某人認為自己遭受攻擊的電話,到撰寫最終報告,這本書涵蓋了您需要了解的一切。本書中討論的所有工具都是免費的,大多數也是開源的。

Philip Polstra博士展示了如何利用Python、shell腳本和MySQL等多種工具,快速、輕鬆且準確地分析Linux系統。讀者在完成本書後將對Python和shell腳本有很好的掌握,但不需要對這兩種腳本語言有任何先備知識。《Linux Forensics》首先向您展示如何使用最小侵入性技術確定是否發生了事件。一旦似乎發生了事件,Polstra博士將向您展示如何在關閉系統以創建文件系統映像之前,從運行中的系統中收集數據。

《Linux Forensics》詳細介紹了Linux ext2、ext3和ext4文件系統。本書中介紹了大量用於創建、掛載和分析文件系統映像的Python和shell腳本。Polstra博士還向讀者介紹了使用Volatility框架進行記憶體分析的新領域。書中還討論了高級攻擊和惡意軟體分析。

《書籍亮點》
- 以易於閱讀的8.5 x 11英寸大尺寸格式,共370頁
- 超過9000行帶有解釋的Python腳本
- 超過800行帶有解釋的shell腳本
- 一個包含有關ext4文件系統的最新信息的102頁章節
- 詳細描述的兩個情境,書籍網站提供圖片
- 所有腳本和其他支援文件都可從書籍網站下載

《章節內容》
1. 第一步
- 一般原則
- 調查階段
- 高層次流程
- 建立工具包
2. 確定是否發生事件
- 開啟案件
- 與使用者交談
- 文件記錄
- 掛載已知良好的二進制文件
- 減少對主體的干擾
- 使用腳本自動化
3. 在線分析
- 獲取元數據
- 使用試算表
- 獲取命令歷史
- 獲取日誌
- 使用哈希值
- 轉儲RAM
4. 創建映像
- 關閉系統
- 映像格式
- DD
- DCFLDD
- 寫入阻斷
- 映像虛擬機器
- 映像物理驅動器
5. 掛載映像
- 基於主引導記錄的分區
- GUID分區表
- 在Linux中掛載分區
- 使用Python自動化
6. 分析已掛載的映像
- 獲取時間戳
- 使用LibreOffice
- 使用MySQL
- 創建時間軸
7. 擴展文件系統
- 基礎知識
- 超級區塊
- 功能
- 使用Python
- 查找不正常的內容
- i節點
- 日誌記錄
8. 記憶體分析
- Volatility
- 創建配置文件
- Linux命令
9. 處理更高級的攻擊者
10. 惡意軟體
- 是否為惡意軟體?
- 惡意軟體分析工具
- 靜態分析
- 動態分析
- 混淆
11. 未來之路
- 學習更多
- 社群
- 會議
- 認證

請注意,以上內容僅為書籍摘要,並非完整內容。