Posts Tagged ‘computer forensics books’

Windows Forensics: The Field Guide for Corporate Computer Investigations

March 8th, 2010

The evidence is in–to solve Windows crime, you need Windows tools.

An arcane pursuit a decade ago, forensic science today is a household term. And while the computer forensic analyst may not lead as exciting a life as TV’s CSIs do, he or she relies just as heavily on scientific principles and just as surely solves crime.

Whether you are contemplating a career in this growing field or are already an analyst in a Unix/Linux environment, this book prepares you to combat computer crime in the Windows world. Here are the tools to help you recover sabotaged files, track down the source of threatening e-mails, investigate industrial espionage, and expose computer criminals.

  • Identify evidence of fraud, electronic theft, and employee Internet abuse
  • Investigate crime related to instant messaging, Lotus Notes®, and increasingly popular browsers such as Firefox®
  • Learn what it takes to become a computer forensics analyst
  • Take advantage of sample forms and layouts as well as case studies
  • Protect the integrity of evidence
  • Compile a forensic response toolkit
  • Assess and analyze damage from computer crime and process the crime scene
  • Develop a structure for effectively conducting investigations
  • Discover how to locate evidence in the Windows Registry

Computer Forensics: Hard Disk and Operating Systems

March 1st, 2010

Computer Forensics: Hard Disk and Operating Systems (EC-Council Press Series: Computer Forensics) by EC-Council

The Computer Forensic Series by EC-Council provides the knowledge and skills to identify, track, and prosecute the cyber-criminal. The series is comprised of five books covering a broad base of topics in Computer Hacking Forensic Investigation, designed to expose the reader to the process of detecting attacks and collecting evidence in a forensically sound manner with the intent to report crime and prevent future attacks. Learners are introduced to advanced techniques in computer investigation and analysis with interest in generating potential legal evidence. In full, this and the other four books provide preparation to identify evidence in computer-related crime and abuse cases as well as track the intrusive hacker’s path through a client system. The series and accompanying labs help prepare the security student or professional to profile an intruder’s footprint and gather all necessary information and evidence to support prosecution in a court of law.

Hard Disks, File and Operating Systems provides a basic understanding of file systems, hard disks and digital media devices. Boot processes, Windows and Linux Forensics and application of password crackers are all discussed.

Incident Response and Computer Forensics (Second Edition)

January 25th, 2010

Incident Response and Computer Forensics, Second Edition by Chris Prosise, Kevin Mandia, Matt Pepe.

  • Paperback: 507 pages
  • Publisher: McGraw-Hill/Osborne; 2 edition (July 17, 2003)
  • Language: English
  • ISBN-10: 007222696X
  • ISBN-13: 978-0072226966
  • Product Dimensions: 9.1 x 7.3 x 1.2 inches
  • Shipping Weight: 2 pounds
  • Popular: 4.5 out of 5 stars


A strong system of defenses will save your systems from falling victim to published and otherwise uninventive attacks, but even the most heavily defended system can be cracked under the right conditions. Incident Response aims to teach you how to determine when an attack has occurred or is underway–they’re often hard to spot–and show you what to do about it. Authors Kevin Mandia and Chris Prosise favor a tools- and procedures-centric approach to the subject, thereby distinguishing this book from others that catalog particular attacks and methods for dealing with each one. The approach is more generic, and therefore better suited to dealing with newly emerging attack techniques.

Anti-attack procedures are presented with the goal of identifying, apprehending, and successfully prosecuting attackers. The advice on carefully preserving volatile information, such as the list of processes active at the time of an attack, is easy to follow. The book is quick to endorse tools, the functionalities of which are described so as to inspire creative applications. Information on bad-guy behavior is top quality as well, giving readers knowledge of how to interpret logs and other observed phenomena. Mandia and Prosise don’t–and can’t–offer a foolproof guide to catching crackers in the act, but they do offer a great “best practices” guide to active surveillance. –David Wall

Topics covered: Monitoring computer systems for evidence of malicious activity, and reacting to such activity when it’s detected. With coverage of Windows and Unix systems as well as non-platform-specific resources like Web services and routers, the book covers the fundamentals of incident response, processes for gathering evidence of an attack, and tools for making forensic work easier. –This text refers to an alternate Paperback edition.


List Price: $52.99 Price: $33.38 You Save: $19.61

Computer Forensics: Incident Response Essentials

January 19th, 2010

Computer Forensics: Incident Response Essentials by Warren G. Kruse, Jay G. Heiser


  • Paperback: 416 pages
  • Publisher: Addison-Wesley Professional (October 6, 2001)
  • Language: English
  • ISBN-10: 0201707195
  • ISBN-13: 978-0201707199
  • Product Dimensions: 9.1 x 7.3 x 0.9 inches
  • Shipping Weight: 1.4 pounds


Computer security is a crucial aspect of modern information management, and one of the latest buzzwords is incident response–detecting and reacting to security breaches. Computer Forensics offers information professionals a disciplined approach to implementing a comprehensive incident-response plan, with a focus on being able to detect intruders, discover what damage they did, and hopefully find out who they are.

There is little doubt that the authors are serious about cyberinvestigation. They advise companies to “treat every case like it will end up in court,” and although this sounds extreme, it is good advice. Upon detecting a malicious attack on a system, many system administrators react instinctively. This often involves fixing the problem with minimal downtime, then providing the necessary incremental security to protect against an identical attack. The authors warn that this approach often contaminates evidence and makes it difficult to track the perpetrator. This book describes how to maximize system uptime while protecting the integrity of the “crime scene.”

The bulk of Computer Forensics details the technical skills required to become an effective electronic sleuth, with an emphasis on providing a well-documented basis for a criminal investigation. The key to success is becoming a “white hat” hacker in order to combat the criminal “black hat” hackers. The message is clear: if you’re not smart enough to break into someone else’s system, you’re probably not smart enough to catch someone breaking into your system. In this vein, the authors use a number of technical examples and encourage the readers to develop expertise in Unix/Linux and Windows NT fundamentals. They also provide an overview of a number of third-party tools, many of which can be used for both tracking hackers and to probe your own systems.

The authors explain their investigative techniques via a number of real-world anecdotes. It is striking that many of the same hacks detailed in Cliff Stoll’s classic The Cuckoo’s Egg are still in use over 10 years later–both on the criminal and investigative fronts. It is up to individual companies whether or not to pursue each attempted security violation as a potential criminal case, but Computer Forensics provides a strong argument to consider doing so. –Pete Ostenson


List Price: $54.99 Price: $34.64 You Save: $20.35

Computer Forensics JumpStart (Jumpstart (Sybex))

January 19th, 2010

  • Paperback: 304 pages
  • Publisher: Wiley (December 10, 2004)
  • Language: English
  • ISBN-10: 078214375X
  • ISBN-13: 978-0782143751
  • Product Dimensions: 8.8 x 7.5 x 0.7 inches
  • Shipping Weight: 9.6 ounces
  • Popular: 4.5 out of 5 stars


At the heart of modern corporate crime and counter-terrorism investigations, computer forensics is now the fastest growing segment of IT and law enforcement. For everyone curious about this hot field, here is an in-depth introduction to the technological, social, and political issues at hand. Sybex’s JumpStart approach is ideal for those interested in computer forensics but not yet sure what it’s all about. It offers a complete overview of the basic skills and available certifications that can help to launch a new career.

Launch Your Career in Computer Forensics—Quickly and Effectively

Written by a team of computer forensics experts, Computer Forensics JumpStart provides all the core information you need to launch your career in this fast-growing field:

  • Conducting a computer forensics investigation
  • Examining the layout of a network
  • Finding hidden data
  • Capturing images
  • Identifying, collecting, and preserving computer evidence
  • Understanding encryption and examining encrypted files
  • Documenting your case
  • Evaluating common computer forensic tools
  • Presenting computer evidence in court as an expert witness


List Price: $29.99 Price: $19.79 You Save: $10.20