Practical Linux Forensics: A Guide for Digital Investigators (Paperback)

Nikkel, Bruce

Product Description

A resource to help forensic investigators locate, analyze, and understand digital evidence found on modern Linux systems after a crime, security incident, or cyber attack.

Practical Linux Forensics dives into the technical details of analyzing postmortem forensic images of Linux systems that have been misused, abused, or targeted by malicious attacks. It helps forensic investigators locate and analyze digital evidence found on Linux desktops, servers, and IoT devices. Throughout the book, you'll learn how to identify digital artifacts that may be of interest to an investigation, draw logical conclusions, and reconstruct past activity from incidents. You'll learn how Linux works from a digital forensics and investigation perspective, and how to interpret evidence from Linux environments. The techniques shown are intended to be independent of the forensic analysis platforms and tools used.

Learn how to:

- Extract evidence from storage devices and analyze partition tables, volume managers, popular Linux filesystems (Ext4, Btrfs, and XFS), and encryption
- Investigate evidence from Linux logs, including traditional syslog, the systemd journal, kernel and audit logs, and logs from daemons and applications
- Reconstruct the Linux startup process, from boot loaders (UEFI and GRUB) and kernel initialization, to systemd unit files and targets leading up to a graphical login
- Analyze the power, temperature, and physical environment of a Linux machine, and find evidence of sleep, hibernation, shutdowns, reboots, and crashes
- Examine installed software, including distro installers, package formats, and package management systems from Debian, Fedora, SUSE, Arch, and other distros
- Analyze time and locale settings, internationalization (including language and keyboard settings), and geolocation on a Linux system
- Reconstruct user login sessions (shell, X11, and Wayland) and desktops (GNOME, KDE, and others), and analyze keyrings, wallets, trash cans, clipboards, thumbnails, recent files, and other desktop artifacts
- Analyze network configuration, including interfaces, addresses, network managers, DNS, wireless artifacts (Wi-Fi, Bluetooth, WWAN), VPNs (including WireGuard), firewalls, and proxy settings
- Identify traces of attached peripheral devices (PCI, USB, Thunderbolt, Bluetooth), including external storage, cameras, and mobile phones, and reconstruct printing and scanning activity

About the Author

Bruce Nikkel is a professor at the Bern University of Applied Sciences in Switzerland, specializing in digital forensics and cybercrime. He is co-head of the university's research institute for cybersecurity and engineering, and director of the master's program in Digital Forensics and Cyber Investigation. In addition to his academic work, he has worked in risk and security departments at a global financial institution since 1997. He headed the bank's Cybercrime Intelligence & Forensic Investigation team for more than 15 years and currently works as an advisor. Bruce holds a PhD in network forensics, is the author of Practical Forensic Imaging (No Starch Press, 2016), and is an editor with Forensic Science International's Digital Investigation journal. He has been a Unix and Linux enthusiast since the 1990s.