参考读物 – 图书教辅

首页>参考读物>计算机科学与技术>安全

在线试读

计算机取证（英文版）

作者 : Dan Farmer, Wietse Venema

丛书名 : 经典原版书库

出版日期 : 2005-11-05

ISBN : 7-111-17365-1

定价 : 30.00元

扩展资源下载

扩展信息
图书简介
图书特色
作者简介
图书目录
图书评论
相关推荐
回到顶部

读者反馈

扩展信息

语种 : 英文

页数 : 217

开本 : 16开

原书名 : Forensic Discovery

原出版社: Addison-Wesley

属性分类: 店面

包含CD : 无

绝版 : 未绝版

图书简介

图书特色

无

作者简介

Dan Farmer, Wietse Venema：暂无简介

图书目录

I. BASIC CONCEPTS.

1. The Spirit of Forensic Discovery.
　　Introduction.
　　Unusual Activity Stands Out.
　　The Order of Volatility (OOV).
　　Layers and Illusions.
　　The Trustworthiness of Information.
　　The Fossilization of Deleted Information.
　　Archaeology vs. Geology.

2. Time Machines.
　　Introduction.
　　The First Signs of Trouble.
　　What's Up, MAC An Introduction to MACtimes.
　　Limitations of MACtimes.
　　Argus: Shedding Additional Light on the Situation.
　　Panning for Gold: Looking for Time in Unusual Places.
　　DNS and Time.
　　Journaling File Systems and MACtimes.
　　The Foibles of Time.
　　Conclusion.

II. EXPLORING SYSTEM ABSTRACTIONS.

3. File System Basics.
　　Introduction.
　　An Alphabet Soup of File Systems.
　　UNIX File Organization.
　　UNIX File Names.
　　UNIX Pathnames.
　　UNIX File Types.
　　A First Look Under the Hood: File System Internals.
　　UNIX File System Layout.
　　I've Got You Under My Skin: Delving into the File System.
　　The Twilight Zone, or Dangers Below the File System Interface.
　　Conclusion.

4. File System Analysis.
　　Introduction.
　　First Contact.
　　Preparing the Victim's File System for Analysis.
　　Capturing the Victim's File System Information.
　　Sending a Disk Image Across the Network.
　　Mounting Disk Images on an Analysis Machine.
　　Existing File MACtimes.
　　Detailed Analysis of Existing Files.
　　Wrapping Up the Existing File Analysis.
　　Intermezzo: What Happens When a File Is Deleted
　　Deleted File MACtimes.
　　Detailed Analysis of Deleted Files.
　　Exposing Out-of-Place Files by Their Inode Number.
　　Tracing a Deleted File Back to Its Original Location.
　　Tracing a Deleted File Back by Its Inode Number.
　　Another Lost Son Comes Back Home.
　　Loss of Innocence.
　　Conclusion.

5. Systems and Subversion.
　　Introduction.
　　The Standard Computer System Architecture.
　　The UNIX System Life Cycle, from Start-up to Shutdown.
　　Case Study: System Start-up Complexity.
　　Kernel Configuration Mechanisms.
　　Protecting Forensic Information with Kernel Security Levels.
　　Typical Process and System Status Tools.
　　How Process and System Status Tools Work.
　　Limitations of Process and System Status Tools.
　　Subversion with Rootkit Software.
　　Command-Level Subversion.
　　Command-Level Evasion and Detection.
　　Library-Level Subversion.
　　Kernel-Level Subversion.
　　Kernel Rootkit Installation.
　　Kernel Rootkit Operation.
　　Kernel Rootkit Detection and Evasion.
　　Conclusion.

6. Malware Analysis Basics.
　　Introduction.
　　The Dangers of Dynamic Program Analysis.
　　Program Confinement with Hard Virtual Machines.
　　Program Confinement with Soft Virtual Machines.
　　The Dangers of Confinement with Soft Virtual Machines.
　　Program Confinement with Jails and chroot().
　　Dynamic Analysis with System-Call Monitors.
　　Program Confinement with System-Call Censors.
　　Program Confinement with System-Call Spoofing.
　　The Dangers of Confinement with System Calls.
　　Dynamic Analysis with Library-Call Monitors.
　　Program Confinement with Library Calls.
　　The Dangers of Confinement with Library Calls.
　　Dynamic Analysis at the Machine-Instruction Level.
　　Static Analysis and Reverse Engineering.
　　Small Programs Can Have Many Problems.
　　Malware Analysis Countermeasures.
　　Conclusion.

III. BEYOND THE ABSTRACTIONS.

7. The Persistence of Deleted File Information.
　　Introduction.
　　Examples of Deleted Information Persistence.
　　Measuring the Persistence of Deleted File Contents.
　　Measuring the Persistence of Deleted File MACtimes.
　　The Brute-Force Persistence of Deleted File MACtimes.
　　The Long-Term Persistence of Deleted File MACtimes.
　　The Impact of User Activity on Deleted File MACtimes.
　　The Trustworthiness of Deleted File Information.
　　Why Deleted File Information Can Survive Intact.
　　Conclusion.

8. Beyond Processes.
　　Introduction.
　　The Basics of Virtual Memory.
　　The Basics of Memory Pages.
　　Files and Memory Pages.
　　Anonymous Memory Pages.
　　Capturing Memory.
　　The savecore Command.
　　Static Analysis: Recognizing Memory from Files.
　　Recovering Encrypted File Contents Without Keys.
　　File System Blocks vs. Memory Page Technique.
　　Recognizing Files in Memory.
　　Dynamic Analysis: The Persistence of Data in Memory.
　　File Persistence in Memory.
　　The Persistence of Nonfile or Anonymous, Data.
　　Swap Persistence.
　　The Persistence of Memory Through the Boot Process.
　　The Trustworthiness and Tenacity of Memory Data.
　　Conclusion.

Appendix A. The Coroner's Toolkit and Related Software.
　　Introduction.
　　Data Gathering with grave-robber.
　　Time Analysis with mactime.
　　File Reconstruction with lazarus.
　　Low-Level File System Utilities.
　　Low-Level Memory Utilities.

Appendix B. Data Gathering and the Order of Volatility.
　　Introduction.
　　The Basics of Volatility.
　　The State of the Art.
　　How to Freeze a Computer.
　　Conclusion.

References.

Index.