Operating System Forensics

1st Edition - November 12, 2015

  • Author: Ric Messier
  • Paperback ISBN: 9780128019498
  • eBook ISBN: 9780128019634

Description

Operating System Forensics is the first book to cover all three critical operating systems for digital forensic investigations in one comprehensive reference. Users will learn how to conduct successful digital forensic examinations in Windows, Linux, and Mac OS, the methodologies used, key technical concepts, and the tools needed to perform examinations. Mobile operating systems such as Android, iOS, Windows, and Blackberry are also covered, providing everything practitioners need to conduct a forensic investigation of the most commonly used operating systems, including technical details of how each operating system works and how to find artifacts. This book walks you through the critical components of investigation and operating system functionality, including file systems, data recovery, memory forensics, system configuration, Internet access, cloud computing, tracking artifacts, executable layouts, malware, and log files. You'll find coverage of key technical topics like the Windows Registry, the /etc directory, Web browser caches, Mbox, PST files, GPS data, ELF, and more. Hands-on exercises in each chapter drive home the concepts covered in the book. You'll get everything you need for a successful forensics examination, including incident response tactics and legal requirements. Operating System Forensics is the only place you'll find all this covered in one book.

Key Features

  • Covers digital forensic investigations of the three major operating systems, including Windows, Linux, and Mac OS
  • Presents the technical details of each operating system, allowing users to find artifacts that might be missed using automated tools
  • Hands-on exercises drive home key concepts covered in the book
  • Includes discussions of cloud, Internet, and major mobile operating systems such as Android and iOS

Readership

Information security professionals of all levels; digital forensic examiners and investigators; information security consultants; attorneys; law enforcement officers; forensic training vendors; universities.

Table of Contents

    • Dedication
    • Foreword
    • Preface
    • Chapter 1: Forensics and Operating Systems
      • Abstract
      • Introduction
      • Forensics
      • Operating systems
      • Conclusions
      • Summary
      • Exercises
    • Chapter 2: File Systems
      • Abstract
      • Introduction
      • Disk geometry
      • Master boot record
      • Unified extensible firmware interface
      • Windows file systems
      • Linux file systems
      • Apple file systems
      • Slack space
      • Conclusions
      • Summary
      • Exercises
    • Chapter 3: Data and File Recovery
      • Abstract
      • Introduction
      • Data carving
      • Searching and deleted files
      • Slack space and sparse files
      • Data hiding
      • Time stamps/stomps
      • Time lines
      • Volume shadow copies
      • Summary
      • Exercises
    • Chapter 4: Memory Forensics
      • Abstract
      • Introduction
      • Real memory and addressing
      • Virtual memory
      • Memory layout
      • Capturing memory
      • Analyzing memory captures
      • Page files and swap space
      • Summary
      • Exercises
    • Chapter 5: System Configuration
      • Abstract
      • Introduction
      • Windows
      • Mac OS X
      • Linux
      • Summary
      • Exercises
    • Chapter 6: Web Browsing
      • Abstract
      • Introduction
      • A primer on structured query language (SQL)
      • Web browsing
      • Messaging services
      • E-mail
      • Conclusions
      • Exercises
    • Chapter 7: Tracking Artifacts
      • Abstract
      • Introduction
      • Location information
      • Document tracking
      • Shortcuts
      • Conclusions
      • Exercises
    • Chapter 8: Log Files
      • Abstract
      • Introduction
      • Windows event logs
      • Unix syslog
      • Application logs
      • Mac OS X logs
      • Security logs
      • Auditing
      • Summary
      • Exercises
    • Chapter 9: Executable Programs
      • Abstract
      • Introduction
      • Stacks and heaps
      • Portable executables
      • Linux executable and linkable format (ELF)
      • Apple OS X application bundles
      • .NET common language runtime (CLR) / Java
      • Debugging/disassembly
      • System calls and tracing
      • Finding the program impact
      • Conclusions
      • Exercises
    • Chapter 10: Malware
      • Abstract
      • Introduction
      • Malware categories
      • Using research
      • Getting infected
      • Staying resident (persistence)
      • Artifacts
      • Automated analysis
      • Manual analysis
      • Conclusions
      • Exercises
    • Chapter 11: Mobile Operating Systems
      • Abstract
      • Introduction
      • Encryption and remote control
      • Rooting/jailbreaking
      • Android
      • BlackBerry
      • iOS
      • Windows mobile
      • Conclusions
      • Exercises
    • Chapter 12: Newer Technologies
      • Abstract
      • Introduction
      • Virtualization
      • Cloud computing
      • Wearables
      • Drones
      • Conclusions
      • Exercises
    • Chapter 13: Reporting
      • Abstract
      • Introduction
      • Writing style
      • Artifacts
      • Reporting requirements
      • Reporting considerations
      • Report sample formats
      • Conclusions
    • Subject Index

Product details

  • No. of pages: 386
  • Language: English
  • Copyright: © Syngress 2015
  • Published: November 12, 2015
  • Imprint: Syngress
  • Paperback ISBN: 9780128019498
  • eBook ISBN: 9780128019634

About the Author

Ric Messier

GSEC, CEH, CISSP, WasHere Consulting, Instructor, Graduate Professional Studies, Brandeis University and Champlain College Division of Information Technology & Sciences

Ratings and Reviews

  • UweRückeshäuser Fri Sep 20 2019

    Concise and comprehensible

    Fortunately, the title does not waste much time rehashing the same basics absolutely every forensics title seems to repeat ad nauseam. So, it contains a lot more relevant content than the page count suggests, while being highly readable for readers at the targeted level. We will start new forensics classes in January, and this title is currently on top of my list after going through quite a few. Well done. Now, if somebody would turn that into a subscription title with frequent updates for new OSs, file systems, etc. I would ask for a 6th star :-)

  • DiogoMussi Thu Sep 20 2018

    The book is great, but it lacks a few...

    The book was great, but it lacks a reliable way to dump the full RAM memory, and to clone HDD (both unencrypted, but also the Full Disk Encrypted with Filevault 2). That being said, it is a 2015 book so it requires a new edition to fully embrace latest OSX.

  • RoyalHarrell Mon Sep 10 2018

    Great information

    Great information