Computer Forensics

Image via Wikipedia

If you're a Unix administrator who has no choice other than to be interested in security, or you're just an enthusiast who likes to poke around deep in the file system searching for the fingerprints of malware, Dan Farmer of Elemental and Wietse Venema of IBM (picured right) have the book for you.

It may be getting a bit long in the tooth now, published over four years ago, and things in the security world move pretty fast, so you might be wondering why you would buy such an old book. The thing is - the world of Unix security doesn't really move all that fast. Just have a read through this online version of the book, and you'll see that pretty much all of it is still just as relevant today. They discuss SATAN, which is 14 years old and counting from the date this post was published, but when you take a look at what it did, you can see that this would still be useful today. The file system basics they cover in good detail will probably always be relevant - this hasn't changed much since the dawn of Unix. Even the principles of malware analysis will stay relevant, although you will need to keep adding to your knowledge of them. After all, we've seen new viruses and trojans emerge that fool the latest scanners by employing by now age-old techniques that had been forgotten about.

This is a solid book, and a solid online resource. As the authors request - if you are thinking of printing the book out from their website, maybe you should just buy the book instead. At $32/£24, it won't break the bank, and these guys deserve your cash. It's well worth it, as it's about as condensed as such a book can be, and provides a perfect introduction to security for students - I'm astonished it wasn't on our security course reading list, so I'll certainly be recommending it to my former lecturers.

There are a few other resources listed on their site, such as the TCT, the leading toolkit for forensics analysis on *nix systems - even available as a Gentoo package, which is where I first ran into it, adding it to my short-lived Gentoo installation.

I hope you'll find this useful, interesting or both. The return on the investment of time (and possibly money) for the chapter on file system basics alone makes the effort worthwhile.

 Resources:

• http://www.porcupine.org/forensics/
• Forensic Discovery (Amazon)
• Forensic Discovery (online)

Further reading

• Gentoo 10.1 LiveDVD Brings Fixes Enhancements (slumpedoverkeyboarddead.com)
• Basic Steps in Forensic Analysis of Unix Systems (staff.washington.edu)
  
• Gumblar malware's home domain is active again (computerworld.com)
  
• WebSphere Portal Security Concepts (slideshare.net)
• New tool seeks to block rootkits by protecting their targets (arstechnica.com)
• Nov. 10, 1983: Computer 'Virus' Is Born (wired.com)
• AIX tips for Red Hat Enterprise Linux Admins (slumpedoverkeyboarddead.com)
• Symantec offers cloud building blocks (theregister.co.uk)