Digital Forensics with Open Source Tools is the definitive book on investigating and analyzing computer systems and media using open source tools. The book is a technical procedural guide, and explains the use of open source tools on Mac, Linux and Windows systems as a platform for performing computer forensics. Both well-known and novel forensic methods are demonstrated using command-line and graphical open source computer forensic tools for examining a wide range of target systems and artifacts. Written by world-renowned forensic practitioners, this book uses the most current examination and analysis techniques in the field. It consists of 9 chapters that cover a range of topics such as the open source examination platform; disk and file system analysis; Windows systems and artifacts; Linux systems and artifacts; Mac OS X systems and artifacts; Internet artifacts; and automating analysis and extending capabilities. The book lends itself to use by students and those entering the field who do not have means to purchase new tools for different investigations. This book will appeal to forensic practitioners from areas including incident response teams and computer forensic investigators; forensic technicians from legal, audit, and consulting firms; and law enforcement agencies.
I write techno-thrillers, so I'm always looking for new ways to crack the tangled online lives of popular fictional characters, a blueprint for the next "Digital Fortress". In the case of Altheide and Carvey's Digital Forensics with Open Source Tools (Elsevier, 2011), I'll have to keep looking, but I wasn't disappointed. It delves into the equally obfuscated world of computer malfunctions. In plain English (as opposed to the acronyms more rampant in the geek world than the government), it details how to investigate a variety of problems on a variety of systems to find out what went wrong and how to fix it--using open source tools. The 'fix it' part is the digital forensics which the authors define as "the use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation and presentation of digital evidence derived from digital sources for the purpose of ...reconstruction of events found to be criminal..."
Simple enough, though for the purposes of this review, I truncated the original 54-word definition by half. In full disclosure, the book includes many neologistic words like 'MinGW', 'RAID', 'installing interpreters', 'perl, python and ruby' because the authors admit their intended audience is new forensic practitioners or experienced ones interested in delving into open source tools. Those weird words are their language, but the authors do a good enough job defining the more complicated terms that beginners will want this book in their library. It summarizes the wide variety of platforms out there--Linux, Windows, MacOS and more--and which open source products can best be used to address what forensic problems.
The authors are Cory Altheide and Harlan Carvey. Mr. Altheide has a robust background performing end-to-end forensic investigation (you can see what he's up to on his blog, even ask questions about the book if this review hasn't covered enough. I have to tell you, after browsing his posts, his tweets and his LinkedIn profile, what this guy doesn't know about digital forensics, no one does). Likewise with Harlan Carvey. His blog goes much deeper than my personal knowledge base and itemizes enough incident responses that it's clear Mr. Carvey knows of which he speaks.
Even if you aren't a nerdy geek who sits in front of a computer 24/7, you will come away from this book impressed with the creativity and ingenuity of today's computer minds. Man's survival has always been about using the brain, stretching those synapses, thinking not only outside the box, but into the next. Some say American education is in trouble, but if it turns out problem solvers like these two, we're in good shape.
Jacqui Murray is the editor of a technology curriculum for K-fifth grade and creator of two technology training books for middle school. She is the author of Building a Midshipman, the story of her daughter’s journey from high school to United States Naval Academy midshipman. She is webmaster for five blogs, an Amazon Vine Voice book reviewer, a columnist for Examiner.com, and a weekly contributor to Write Anything and Technology in Education. Currently, she’s working on a techno-thriller that should be ready this summer. Contact Jacqui at her writing office or her tech lab, Ask a Tech Teacher.
A bit dated perhaps, but a comprehensive foundation of computer forensics using free open source tools with Linux rather than the often expensive commercial counterparts.
Overall this is an excellent book. I am using this as one of the textbooks (along with "File System Forensic Analysis" by Brian Carrier) to teach an undergraduate course on Computer Forensics. I am impressed with this book and its content. The authors do a great job explaining a variety of tools that help forensicators analyze digital evidence. My only complaint is that some of the tools don't quite work as indicated in the text, and sometimes the installation instructions don't work as outlined. But this is all part of the game, and of using Linux in general.... Overall it's an excellent book.
Good book for beginners, focused on "how" with free and OSS tools, but still explaining things where necessary. Short, concise and to the point, it packs a lot of useful information into a few pages, making it a quick and useful read.
Such a great book for beginners and pros alike. It really gives exceptional insight into digital forensics while using tools and resources available to everyone.