Digital Forensics with Open Source Tools is the definitive book on investigating and analyzing computer systems and media using open source tools. The book is a technical procedural guide, and explains the use of open source tools on Mac, Linux and Windows systems as a platform for performing computer forensics. Both well-known and novel forensic methods are demonstrated using command-line and graphical open source computer forensic tools for examining a wide range of target systems and artifacts.
Written by world-renowned forensic practitioners, this book uses the most current examination and analysis techniques in the field. It consists of 9 chapters that cover a range of topics such as the open source examination platform; disk and file system analysis; Windows systems and artifacts; Linux systems and artifacts; Mac OS X systems and artifacts; Internet artifacts; and automating analysis and extending capabilities. The book lends itself to use by students and those entering the field who do not have means to purchase new tools for different investigations.
This book will appeal to forensic practitioners from areas including incident response teams and computer forensic investigators; forensic technicians from legal, audit, and consulting firms; and law enforcement agencies.
Written by world-renowned forensic practitioners
Details core concepts and techniques of forensic file system analysis
Covers analysis of artifacts from the Windows, Mac, and Linux operating systems
Chapter 1. Digital Forensics with Open Source Tools Chapter 2. The Open Source Examination Platform Chapter 3. Disk and File System Analysis Chapter 4. Windows Systems and Artifacts Chapter 5. Linux Systems and Artifacts Chapter 6. Mac OS X Systems and Artifacts Chapter 7. Internet Artifacts Chapter 8. File Analysis Chapter 9. Automating Analysis and Extending Capabilities Appendix A: Free, Non-Open Tools of Note
"This is highly detailed material. Although the introductory chapter adopts an easy pace, with overviews of important technical concepts, most of the other chapters get right down to the practice of forensic analysis. This is not a book you're going to want to read in bed: you'll want this right next to a computer - preferably two or three computers running different operating systems - so that you can try the techniques for yourself as you work your way through. The authors admit that this book does not cover everything you need to know. For instance, it focuses entirely on 'dead drive' forensics - offline systems. Analysing running systems often requires high-level proprietary tools. But it does give an excellent grounding in the methods of digital forensic analysis and provides a valuable first step in learning the technicalities."-- Network Security, May 2012, page 4
" Digital Forensics - MacGyver Style! The practical solutions of this book, Digital Forensics with Open Source Tools , save the day when commercial tools fail. During an incident, the clock ticks. Response teams scramble to pull anything together to solve the immediate challenge. Cory Altheide and Harlan Carvey take you through the tools and tactics that you need - the ones that in a pinch will get the job done. A welcome addition to my library ."-- Rob Lee, SANS Institute
"Intended for students and new computer professionals, or those new to open source applications, this guide to digital forensics provides practical instructions for many common tasks in data recovery and analysis using open source tools. Beginning with a discussion of setting up an open source examination platform and tool set, the work covers disk and file system analysis, Windows, GNU/Linux and Mac OS X systems and artifacts, Internet artifacts, file analysis and automated analysis. The volume includes numerous code examples and tips and tricks as well as an appendix of software tools."-- Reference and Research Book News
"Intended for students and new computer professionals, or those new to open source applications, this guide to digital forensics provides practical instructions for many common tasks in data recovery and analysis using open source tools. Beginning with a discussion of setting up an open source examination platform and tool set, the work covers disk and file system analysis, Windows, GNU/Linux and Mac OS X systems and artifacts, Internet artifacts, file analysis and automated analysis. The volume includes numerous code examples and tips and tricks as well as an appendix of software tools. Chapter examples assume a basic knowledge of the Linux command line interface."-- Reference and Research Book News
"The authors intended this book for two types of readers: complete novices in the world of digital forensics, and seasoned practitioners who are interested in learning more about open source tools that could help them in their work. And although it might seem difficult to merge the knowledge in such a way to make for an interesting book for both groups, in my opinion, the writers managed to do it beautifully." --Net-Security.org
Based on the use of open source tools, Digital Forensics with Open Source Tools lends itself to many organizations as well as students who do not have means to purchase new tools for different investigations. The open source environment provides an inexpensive training and practicing base for professional use. Well-known forensic methods are demonstrated using open-source computer forensic tools (Sleuthkit, Foremost, dcdd, pyag, etc.) for examining a wide range of target systems (Windows, Mac, Linux, Unix, etc.).The digital forensics industry is growing at a rapid pace, and this book is perfect for someone entering the field that does not have access to corporate tools.