Computing Reviews
Unix and Linux forensic analysis DVD toolkit
Pogue C., Altheide C., Haverkos T., Syngress Publishing, 2008. 448 pp. Type: Book (9781597492690)
Date Reviewed: May 13 2009

Computer forensics is a newly emerging field that is in need of good resources. There is a growing audience, with increased awareness of security problems, governance, and legislation, in both public and private organizations. This interest has spawned a large number of software utilities, forums, and blogs that offer information about various facets of the field. However, the area needs more permanent, archival, and in-depth coverage.

Pogue certainly has in-depth experience with the topic. Altheide and Haverkos, the two secondary authors, bring additional industry experience. The book begins with an introduction to Linux and Unix; the later material on the forensics process and the analysis descriptions lacks depth, which is somewhat disappointing.

The book is well organized for an introductory book; it has eight short chapters and an appendix. In addition, the book includes a DVD that provides some examples and programs that supplement the text.

The first chapter is an introduction that assumes no knowledge of Unix or Linux and defines what will and won’t be covered in the subsequent chapters. Chapter 2 concentrates on giving an introduction to Unix and its variants. It should be useful to someone who is transitioning from Windows and has no previous understanding of Unix.

Chapter 3 addresses the problem of collecting live response images, that is, the collection of data from a suspect system while it is running. The chapter mentions a number of tools and software packages, both open source and commercial, without going into much detail as to their use (although it does give a good survey of what is available and how to obtain the resources). Chapter 4 explains the process of initial triage and live response, including when it is important to prioritize the acquired data.

Chapter 5 is a short review of Pogue’s top ten hacking tools. It is an introduction to, and taxonomy of, hacking tools. The section is somewhat useful, but after reading the chapter, the reader will barely be able to start learning how to use the tools.

Chapter 6 covers the process file system (procfs). An analysis of the various commands, locations, and syntheses introduces the reader to more Unix idiosyncrasies. Chapter 7 offers a short, though eye-opening, introduction to file analysis.

Chapter 8 explains how Linux and Unix malware differs from its relatives on the Windows platform. The conclusion is that it exists, but infection is much less likely to occur, due to the heterogeneity of the platform and disinterest from the hacking community. The book ends with a short appendix on cybercrime detection techniques.

Considering that the title and cover claim that this book will provide a wealth of unique information, tools, and techniques that won’t be found anywhere else, the level of expectation for the book was set too high to be sustained. Personally, I was a little disappointed by the coverage; while the book is easy to read, it leaves you feeling unfulfilled. The book may have a place in the library of a general information technology practitioner who has recently been introduced to a hybrid shop where Windows and Linux coexist, but it cannot be the base from which a forensics examiner gains expert knowledge. A practitioner in the field who has completed a weeklong workshop in Linux computer forensics is already too knowledgeable for this book.

The book would have to be significantly expanded in order to become part of a serious security library, as the authors, despite their impressive credentials, have difficulty communicating the essence of their expertise. Having read other reviews of this book, I realize that my opinion may put me in the minority.

Reviewer: Jean-Pierre Kuilboer. Review #: CR136822 (1004-0340)
Classification: Unix (D.4.0 ...); Linux (D.4.0 ...); General (D.4.0); Security and Protection (D.4.6); Security and Protection (K.6.5); System Management (K.6.4)

Copyright 1999-2024 ThinkLoud®