RE: Questions concerning computer forensics

From: Soontobeelsewhere (troy_at_digitalwarroom.com)
Date: 06/26/03

    To: "'Security-Basics@Securityfocus. Com (E-Mail)'" <security-basics@securityfocus.com>
    Date: Thu, 26 Jun 2003 10:16:48 -0700
    
    

    "4. I am currently reading Computer Forensics: Incident Response
    Essentials by Warren Kruse and Jay Heiser, are there any other books
    and/or whitepapers that anyone can suggest?"

    Warren is a good guy and his book is very good.

    Here is a reading list that has been going around (and added to):

    Hardware Section
     
    "Upgrading And Repairing PCs", by Scott Mueller, Que, ISBN: 0789725428
     
    "Troubleshooting, Maintaining & Repairing PCs", by Stephen Bigelow,
    McGraw-Hill, ISBN: 0072132728
     
    "PC Hardware in a Nutshell", by Robert Bruce Thompson, et al., O'Reilly &
    Associates, ISBN: 1565925998
     
    Microsoft Windows Section
     
    "Inside Microsoft Windows 2000, Third Edition" by Solomon and Russinovich,
    Microsoft Press, ISBN 0-7356-1021-5
     
    "Inside the Windows 95 File System" by Stan Mitchell, O'Reilly and
    Associates, ISBN 1-56592-200-X
     
    "Windows NT File System Internals: A Developer's Guide" by Rajeev Nagar,
    O'Reilly and Associates, ISBN 1-56592-249-2
     
    "Undocumented Windows NT" by Prasad Dabak, et al., M&T Books, ISBN
    0-7645-4569-8
     
    "Undocumented Windows 2000 Secrets: A Programmer's Cookbook", by Sven B.
    Schreiber, Addison-Wesley, ISBN 0-201-72187-2
     
    "Windows 2000 Kernel Debugging" by Stephen McDowell, Prentice Hall, ISBN:
    0130406376.
     
    "Developing Windows NT Device Drivers: A Programmer's Handbook" by Dekker and
    Newcomer, Addison-Wesley, ISBN: 0201695901.
     
    "Windows Admin Scripting Little Black Book" by Jesse M. Torres, Coriolis
    Group, ISBN: 1576108813.
     
    "Windows NT/2000 Network Security" by E. Eugene Schultz, New Riders, ISBN:
    1578702534.
     
    "Microsoft Windows NT Technical Support Training" by Microsoft Press, ISBN:
    1572313730.
     
    UNIX Section
     
    "Essential System Administration" by Aeleen Frisch, O'Reilly & Associates,
    ISBN: 1565921275.
     
    "UNIX System Administration Handbook, Third Edition" by Evi Nemeth, et al.,
    Prentice Hall, ISBN: 0130206016.
     
    "Unix Power Tools Second Edition", by Jerry Peek, et al., O'Reilly &
    Associates, ISBN: 1565922603.
     
    "Using csh and tcsh", by Paul DuBois, O'Reilly & Associates, ISBN:
    1565921321
     
    A book on the Bourne shell (sh), the Korn shell (ksh), and the Bourne Again
    shell (bash).
     
    Programming Languages Section
     
    "The C Programming Language" by Kernighan and Ritchie, Prentice Hall, ISBN
    0-13-110362-8
     
    "Programming Perl, Second Edition" by Larry Wall, et al., O'Reilly and
    Associates, ISBN 1-56592-149-6
     
    "Perl Cookbook" by Christiansen and Torkington, O'Reilly and Associates,
    ISBN 1-56592-243-3
     
    "Mastering Regular Expressions" by Jeffrey Friedl, O'Reilly and Associates,
    ISBN 1-56592-257-3
     
    A C++ book
     
    A Visual Basic book
     
    Networking Section
     
    "TCP/IP Illustrated, Volume 1: The Protocols" by W. Richard Stevens,
    Addison-Wesley, ISBN 0-201-63346-9
     
    "Steal This Computer Book" by Wallace Wang, No Starch Press, ISBN:
    1886411425.
     
    "Network Intrusion Detection: An Analyst's Handbook, Second Edition" by
    Stephen Northcutt, et al., New Riders, ISBN 0735710082.
     
    "Sendmail, Second Edition", by Bryan Costales, O'Reilly and Associates, ISBN
    1-56592-222-0
     
    "DNS and BIND, Fourth Edition", by Albitz and Liu, O'Reilly and Associates,
    ISBN 0596001584.
     
    "The Whole Internet: The Next Generation", by Conner-Sax and Krol, O'Reilly
    and Associates, ISBN 1-56592-428-2
     
    "Practical UNIX & Internet Security", by Garfinkel and Spafford, O'Reilly
    and Associates, ISBN 1-56592-148-8
     
    A NetBIOS book
     
    Computer Forensics Section
     
    "Computer Forensics: Incident Response Essentials" by Kruse and Heiser,
    Addison-Wesley ISBN: 0201707195
     
    "Know Your Enemy: Revealing the Security Tools, Tactics, and Motives of the
    Blackhat Community" edited by Lance Spitzner, Addison-Wesley ISBN:
    0201746131.
     
    "Handbook of Computer Crime Investigation: Forensic Tools & Technology" by
    Eoghan Casey, Academic Press ISBN: 0121631036.
     
    "Digital Evidence and Computer Crime" by Eoghan Casey, Academic Press, ISBN:
    012162885X.
     
    "Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving
    Evidence of Computer Crimes" by Marcella and Greenfield, Auerbach
    Publications, ISBN: 0849309557.
     
    "Computer Forensics: Computer Crime Scene Investigation" by John R. Vacca,
    Charles River Media, ISBN: 1584500182.
     
    "Computer Forensics and Privacy" by Michael Caloyannides, Artech House,
    ISBN: 1580532837.
     
    "Incident Response: Investigating Computer Crime" by Chris Prosise, Kevin
    Mandia, McGraw-Hill, ISBN: 0072131829.
     
    "Forensic Computing: A Practitioner's Guide" by Tony Sammes, et al.,
    Springer Verlag, ISBN: 1852332999.
     
    "Information Assurance: Surviving the Information Environment" by Blyth and
    Kovacich, Springer Verlag, ISBN: 185233326X.
     
    Forensics Section
     
    "Criminalistics: An Introduction to Forensic Science" by Richard Saferstein,
    Prentice Hall, ISBN: 0130138274.
     
    "Techniques of Crime Scene Investigation" by Barry Fisher, CRC Press; ISBN:
    0849381193.
     
    "Criminal Investigation" by Charles Swanson, et al., McGraw-Hill Higher
    Education; ISBN: 007228594X.
     
     
    -----Original Message-----
    From: Joe Lindsay [mailto:josephlindsay11182@hotmail.com]
    Sent: Tuesday, June 24, 2003 7:39 PM
    To: security-basics@securityfocus.com
    Subject: Questions concerning computer forensics

    I am currently a senior in college and I am looking to go into computer
    forensics. Right now I am currently teaching myself some of the techniques
    used in doing Win2k and some *nix investigation. I am a computer science
    and information systems major. I just have some questions about computer
    forensics in general.

    1. How closely related are computer forensics and security?

    2. I have done palm programming, and I read an article about palms being
    used to prosecute. Is there a growing need for palm forensics?

    3. I have some tools, but they are from sourceforge. Are there any
    freeware or trialware available for Win2k machine (sadly been unable to get
    linux installed, tried many different distros :-<)?

    5. Is there a growing need for computer forensics in the work place? Does
    the security analyst or consultant double up as computer forensic analyst or
    security investigator?

    Thank you for your time,

    Joe Lindsay
