SecurityCertified

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Sunday, August 14, 2011

Impressions: Digital Forensics with Open Source Tools

Posted on 2:15 PM by Unknown
For my fourth impressions post, I'll turn to the digital forensics world for Digital Forensics with Open Source Tools (DFWOST) by Cory Altheide and Harlan Carvey. I took a lot of notes but didn't read closely enough in my opinion to merit a full review.



I didn't like the way this book started. I can't tell if the authors expect the reader to be familiar with open source software or not. The book needed to start in chapter 2 with something like "let's start by selecting Ubuntu for our operating system. We like it for the following reasons..." In contrast, the reader suddenly finds himself in the "Working with Images" section trying to use losetup, mmls, doing math, etc. That's too fast! Many reading this book are going to get lost on page 23 between "sudo apt-get install libfuse-dev libexpat1-dev" and advice to use "a simple ./configure..."



Beyond the rough start, however, I thought the rest of the book was interesting. I liked reading about a variety of tools, especially trying to accomplish the same task on Linux and Windows. I enjoyed reading about hidden Windows Event Logs in ch 4 and about hachoir in ch 8. The book made great use of public evidence sources, like the Digital Corpora.



Near the end of the book (ch 9) I read a reference to Rob Lee's SIFT platform, so I wondered by the book didn't use it throughout? I also would have liked to have read more about log2timeline in ch 9.



One note for a second edition: some figures in the book feature resolutions so high that the text is not legible given the size of the screen captures.



I think you will like DFWOST, but I bet the second edition will be stronger.

Tweet
Email ThisBlogThis!Share to XShare to Facebook
Posted in impressions | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Review of Intelligence, 4th Ed Posted
    Amazon.com just posted my five star review of Intelligence: From Secrets to Policy, 4th Ed by Mark Lowenthall . From the review : I was a...
  • SQL Injection Challenge and Time-Based Security
    Thanks to this Tweet by @ryancbarnett, I learned of the lessons learned of the Level II component of the ModSecurity SQL Injection Challen...
  • Practice of Network Security Monitoring Table of Contents
    Since many of you have asked, I wanted to provide an updated Table of Contents for my upcoming book, The Practice of Network Security Monito...
  • C-SPAN Posts Video of Tuesday Hearing
    You can now access video of Tuesday's House Select Committee on Intelligence Hearing on Cybersecurity at C-SPAN . Some people are alread...
  • Bejtlich's Thoughts on "Why Our Best Officers Are Leaving"
    Twenty-two years ago today I flew to Colorado Springs, CO and reported for Basic Cadet Training with the class of 1994 at the United States ...
  • A Book for the Korean Cyber Armies
    I've got a book for the Korean cyber armies, North and South. That's right, it's my first book , The Tao of Network Security Mo...
  • Bejtlich Teaching at Black Hat West Coast Trainings
    I'm pleased to announce that I will be teaching at  Black Hat West Coast Trainings  9-10 December 2013 in Seattle, Washington. This is a...
  • Mandiant APT1 Report: 25 Best Commentaries of the Last 12 Days
    Two weeks ago today our team at Mandiant was feverishly preparing the release of our APT1 report . In the twelve days that followed public...
  • Tort Law on Negligence
    If any lawyers want to contribute to this, please do. In my post Shodan: Another Step Towards Intrusion as a Service , some comments claim ...
  • Review of America the Vulnerable Posted
    Amazon.com just posted my five star review of America the Vulnerable by Joel Brenner. I reproduce the review in its entirety below. I'...

Categories

  • afcert
  • Air Force
  • analysis
  • announcement
  • apt
  • attribution
  • bestbook
  • blackhat
  • books
  • breakers
  • bro
  • bruins
  • certification
  • china
  • cisco
  • cissp
  • cloud
  • clowns
  • commodore
  • conferences
  • controls
  • correlation
  • counterintelligence
  • cybercommand
  • cyberwar
  • dfm
  • education
  • engineering
  • feds
  • fisma
  • freebsd
  • GE
  • ge-cirt
  • hakin9
  • history
  • impressions
  • information warfare
  • ipv6
  • law
  • leadership
  • malware
  • mandiant
  • microsoft
  • mssp
  • nsm
  • offense
  • oisf
  • packetstash
  • philosophy
  • pirates
  • powerpoint
  • press
  • psirt
  • reading
  • redteam
  • reviews
  • russia
  • sans
  • sec
  • sguil
  • snorby
  • spying
  • threat model
  • threats
  • Traffic Talk
  • training
  • tufte
  • tv
  • ubuntu
  • usenix
  • verizon
  • vulnerabilities
  • wisdom
  • writing

Blog Archive

  • ►  2013 (16)
    • ►  September (1)
    • ►  August (1)
    • ►  June (2)
    • ►  April (2)
    • ►  March (1)
    • ►  February (3)
    • ►  January (6)
  • ►  2012 (60)
    • ►  December (4)
    • ►  November (5)
    • ►  October (3)
    • ►  September (10)
    • ►  August (2)
    • ►  July (6)
    • ►  June (6)
    • ►  May (4)
    • ►  April (2)
    • ►  March (9)
    • ►  February (6)
    • ►  January (3)
  • ▼  2011 (108)
    • ►  December (3)
    • ►  November (7)
    • ►  October (11)
    • ►  September (9)
    • ▼  August (18)
      • TaoSecurity Security Effectiveness Model
      • TCP/IP Weapons School 3.0 in McLean, VA 26-27 Oct
      • Jaime Metzl Describes "China's Threat to World Order"
      • Expect to Hear "IDS Is Dead" (Again)
      • Bejtlich Leading Session at IANS
      • Check Out MANDIANT Job Postings
      • Tao of NSM Errata and Possible Book Plans
      • Bejtlich Webinar for Dark Reading and InformationWeek
      • Bejtlich Keynote at Hawaiian Telcom Conference
      • Feedback from Latest TCP/IP Weapons School 3.0 Class
      • Impressions: Android Forensics
      • Impressions: iPhone and iOS Forensics
      • Impressions: XBox 360 Forensics
      • Impressions: Digital Forensics with Open Source Tools
      • Impressions: The Shellcoder's Handbook, 2nd Ed
      • Impressions: Reversing: Secrets of Reverse Enginee...
      • Impressions: The IDA Pro Book, 2nd Ed
      • Book Reviews vs Impressions
    • ►  July (10)
    • ►  June (5)
    • ►  May (4)
    • ►  April (13)
    • ►  March (17)
    • ►  February (2)
    • ►  January (9)
  • ►  2010 (193)
    • ►  December (14)
    • ►  November (11)
    • ►  October (6)
    • ►  September (16)
    • ►  August (15)
    • ►  July (26)
    • ►  June (15)
    • ►  May (15)
    • ►  April (15)
    • ►  March (16)
    • ►  February (19)
    • ►  January (25)
  • ►  2009 (123)
    • ►  December (10)
    • ►  November (17)
    • ►  October (21)
    • ►  September (13)
    • ►  August (20)
    • ►  July (21)
    • ►  June (21)
Powered by Blogger.

About Me

Unknown
View my complete profile