Practical Linux Forensics: A Guide for Digital Investigators (Paperback)

Nikkel, Bruce

Product Description

A resource to help forensic investigators locate, analyze, and understand digital evidence found on modern Linux systems after a crime, security incident, or cyberattack.

Practical Linux Forensics dives into the technical details of analyzing postmortem forensic images of Linux systems that have been misused, abused, or targeted by malicious attacks. It helps forensic investigators locate and analyze digital evidence found on Linux desktops, servers, and IoT devices. Throughout the book, you learn how to identify digital artifacts that may be of interest to an investigation, draw logical conclusions, and reconstruct past activity from incidents. You'll learn how Linux works from a digital forensics and investigation perspective, and how to interpret evidence from Linux environments. The techniques shown are intended to be independent of the forensic analysis platform and tools used.

Learn how to:

- Extract evidence from storage devices and analyze partition tables, volume managers, popular Linux filesystems (Ext4, Btrfs, and Xfs), and encryption
- Investigate evidence from Linux logs, including traditional syslog, the systemd journal, kernel and audit logs, and logs from daemons and applications
- Reconstruct the Linux startup process, from boot loaders (UEFI and Grub) and kernel initialization, to systemd unit files and targets leading up to a graphical login
- Perform analysis of power, temperature, and the physical environment of a Linux machine, and find evidence of sleep, hibernation, shutdowns, reboots, and crashes
- Examine installed software, including distro installers, package formats, and package management systems from Debian, Fedora, SUSE, Arch, and other distros
- Perform analysis of time and locale settings, internationalization including language and keyboard settings, and geolocation on a Linux system
- Reconstruct user login sessions (shell, X11 and Wayland), desktops (Gnome, KDE, and others) and analyze keyrings, wallets, trash cans, clipboards, thumbnails, recent files and other desktop artifacts
- Analyze network configuration, including interfaces, addresses, network managers, DNS, wireless artifacts (Wi-Fi, Bluetooth, WWAN), VPNs (including WireGuard), firewalls, and proxy settings
- Identify traces of attached peripheral devices (PCI, USB, Thunderbolt, Bluetooth) including external storage, cameras, and mobiles, and reconstruct printing and scanning activity

About the Author

Bruce Nikkel is a professor at the Bern University of Applied Sciences in Switzerland, specializing in digital forensics and cybercrime. He is co-head of the university's research institute for cybersecurity and engineering, and director of the Master's program in Digital Forensics and Cyber Investigation. In addition to his academic work, he has worked in risk and security departments at a global financial institution since 1997. He headed the bank's Cybercrime Intelligence & Forensic Investigation team for more than 15 years and currently works as an advisor. Bruce holds a PhD in network forensics, is the author of Practical Forensic Imaging (No Starch Press, 2016), and is an editor with Forensic Science International's Digital Investigation journal. He has been a Unix and Linux enthusiast since the 1990s.