最 低 价:¥13.20
| Dan Farmer is the author of a variety of security programs and papers. He is currently chief technical officer of Elemental Security, a computer security software company. Wietse Venema has written some of the world's most widely used software, including TCP Wrapper and the Postfix mail system. He is currently a research staff member at IBM Research. Together, Farmer and Venema have written many of the world's leading information-security and for.. << 查看详细 |
| preface vii about the authors xii part i: basic concepts chapter 1: the spirit of forensic discovery 1.1 introduction 1.2 unusual activity stands out 1.3 the order of volatility (oov) 1.4 layers and illusions 1.5 the trustworthiness of information 1.6 the fossilization of deleted information 1.7 archaeology vs. geology chapter 2: time machines 2.1 introduction 2.2 the first signs of trouble 2.3 what's up, mac? an introduction to mactimes 2.4 limitations of mactimes 2.5 argus: shedding additional light on the situation 2.6 panning for gold: looking for tune in unusual places 2.7 dns and tune 2.8 journaling file systems and mactimes .2.9 the foibles of ttme 2.10 conclusion part ii: exploring system abstractions chapter 3: file system basics 3.1 introduction 3.2 an alphabet soup of file systems 3.3 unix file organization 3.4 unix file names 3.5 unix pathnames 3.6 unix file types regular files directories symbolic links ipc endpoints device files 3.7 a first look under the hood: file system internals 3.8 unix file system layout 3.9 i've got you under my skin: delving into the file system 3.10 the twilight zone, or dangers below the file system interface 3.11 conclusion chapter 4: file system analysis 4.1 introduction 4.2 first contact 4.3 preparing the victim's file system for analysis 4.4 capturing the victim's file system information 4.5 sending a disk image across the network 4.6 mounting disk images on an analysis machine 4.7 existing file mactimes 4.8 detailed analysis of existing files 4.9 wrapping up the existing file analysis 4.10 intermezzo: what happens when a file is deleted? parent directory entry parent directory attributes inode blocks data blocks 4.11 deleted file mactimes 4.12 detailed analysis of deleted files 4.13 exposing out-of-place files by their inode number 4.14 tracing a deleted file back to its original location 4.15 tracing a deleted file back by its inode number 4.16 another lost son comes back home 4.17 loss of innocence 4.18 conclusion chapter 5: systems and subversion 5.1 introduction 5.2 the standard computer system architecture 5.3 the unix system life cycle, from start-up to shutdown 5.4 case study: system start-up complexity 5.5 kernel configuration mechanisms 5.6 protecting forensic information with kemel security levels 5.7 typical process and system status tools 5.8 how process and system status tools work 5.9 limitations of process and system status tools 5.10 subversion with rootkit software 5.11 command-level subversion 5.12 command-level evasion and detection 5.13 library-level subversion 5.14 kernel-level subversion 5.15 kernel rootkit installation 5.16 kernel rootkit operation 5.17 kernel rootkit detection and evasion 5.18 conclusion chapter 6: malware analysis basics 6.1 introduction 6.2 the dangers of dynamic program analysis 6.3 program confinement with hard virtual machines 6.4 program confinement with soft virtual machines 6.5 the dangers of confinement with soft virtual machines 6.6 program confinement with jails and chroot ( ) 6.7 dynamic analysis with system-call monitors 6.8 program confinement with system-call censors 6.9 program confinement with system-call spoofing 6.10 the dangers of confinement with system calls 6.11 dynamic analysis with library-call monitors 6.12 program confinement with library calls 6.13 the dangers of confinement with library calls 6.14 dynamic analysis at the machine-instruction level 6.15 static analysis and reverse engineering 6.16 small programs can have many problems 6.17 malware analysis countermeasures 6.18 conclusion part iii: beyond the abstractions chapter 7: the persistence of deleted file information 7.1 introduction 7.2 examples of deleted information persistence 7.3 measuring the persistence of deleted file contents 7.4 measuring the persistence of deleted file macfimes 7.5 the brute-force persistence of deleted file mactimes 7.6 the long-term persistence of deleted file macfimes 7.7 the impact of user activity on deleted file mactimes 7.8 the trustworthiness of deleted file information 7.9 why deleted file information can survive intact 7.10 conclusion chapter 8: beyond processes 8.1 introduction 8.2 the basics of virtual memory 8.3 the basics of memory pages 8.4 files and memory pages 8.5 anonymous memory pages 8.6 capturing memory 8.7 the savecore command memory device files: / dev/mere and / dev / kmem swap space other memory locations 8.8 static analysis: recognizing memory trom files 8.9 recovering encrypted file contents without keys creating an encrypted file recovering the encrypted file from main memory 8.10 file system blocks vs. memory page technique 8.11 recognizing files in memory 8.12 dynamic analysis: the persistence of data in memory 8.13 file persistence in memory 8.14 the persistence of nonfile, or anonymous, data 8.15 swap persistence 8.16 the persistence of memory through the boot process 8.17 the trustworthiness and tenacity of memory data 8.18 conclusion appendix a the coroner's toolkit and related software a.1 introduction a.2 data gathering with grave-robber a.3 tune analysis with mactime a.4 file reconstruction with lazarus a.5 low-level file system utilities a.6 low-level memory utilities appendix b data gathering and the order of volatility b.1 introduction b.2 the basics of volatility b.3 the state of the art b.4 how to freeze a computer before you start actually collecting data b.5 conclusion references index |
内容加载中,请稍后...
商品评论(0条)