book

Operating System Forensics

Name: Operating System Forensics
Author: Ric Messier
ISBN: 9780128019634

by Ric Messier

November 2015

Intermediate to advanced

386 pages

12h 50m

English

Syngress

Read now

Unlock full access

Cover
Title page
Table of Contents
Copyright
Dedication
Foreword
Preface
Chapter 1: Forensics and Operating Systems
AbstractIntroductionForensicsOperating systemsConclusionsSummaryExercises
Chapter 2: File Systems
AbstractIntroductionDisk geometryMaster boot recordUnified extensible firmware interfaceWindows file systemsLinux file systemsApple file systemsSlack spaceConclusionsSummaryExercises
Chapter 3: Data and File Recovery
AbstractIntroductionData carvingSearching and deleted filesSlack space and sparse filesData hidingTime stamps/stompsTime linesVolume shadow copiesSummaryExercises

Chapter 4: Memory Forensics
AbstractIntroductionReal memory and addressingVirtual memoryMemory layoutCapturing memoryAnalyzing memory capturesPage files and swap spaceSummaryExercises
Chapter 5: System Configuration
AbstractIntroductionWindowsMac OS XLinuxSummaryExercises
Chapter 6: Web Browsing
AbstractIntroductionA primer on structured query language (SQL)Web browsingMessaging servicesE-mailConclusionsExercises
Chapter 7: Tracking Artifacts
AbstractIntroductionLocation informationDocument trackingShortcutsConclusionsExercises
Chapter 8: Log Files
AbstractIntroductionWindows event logsUnix syslogApplication logsMac OS X logsSecurity logsAuditingSummaryExercises
Chapter 9: Executable Programs
AbstractIntroductionStacks and heapsPortable executablesLinux executable and linkable format (ELF)Apple OS X application bundles.NET common language runtime (CLR) / JavaDebugging/disassemblySystem calls and tracingFinding the program impactConclusionsExercises
Chapter 10: Malware
AbstractIntroductionMalware categoriesUsing researchGetting infectedStaying resident (persistence)ArtifactsAutomated analysisManual analysisConclusionsExercises
Chapter 11: Mobile Operating Systems
AbstractIntroductionEncryption and remote controlRooting/jailbreakingAndroidBlackBerryIOSWindows mobileConclusionsExercises
Chapter 12: Newer Technologies
AbstractIntroductionVirtualizationCloud computingWearablesDronesConclusionsExercises
Chapter 13: Reporting
AbstractIntroductionWriting styleArtifactsReporting requirementsReporting considerationsReport sample formatsConclusions
Subject Index

Overview

Operating System Forensics is the first book to cover all three critical operating systems for digital forensic investigations in one comprehensive reference.

Users will learn how to conduct successful digital forensic examinations in Windows, Linux, and Mac OS, the methodologies used, key technical concepts, and the tools needed to perform examinations.

Mobile operating systems such as Android, iOS, Windows, and Blackberry are also covered, providing everything practitioners need to conduct a forensic investigation of the most commonly used operating systems, including technical details of how each operating system works and how to find artifacts.

This book walks you through the critical components of investigation and operating system functionality, including file systems, data recovery, memory forensics, system configuration, Internet access, cloud computing, tracking artifacts, executable layouts, malware, and log files. You'll find coverage of key technical topics like Windows Registry, /etc directory, Web browers caches, Mbox, PST files, GPS data, ELF, and more. Hands-on exercises in each chapter drive home the concepts covered in the book. You'll get everything you need for a successful forensics examination, including incident response tactics and legal requirements. Operating System Forensics is the only place you'll find all this covered in one book.

Covers digital forensic investigations of the three major operating systems, including Windows, Linux, and Mac OS
Presents the technical details of each operating system, allowing users to find artifacts that might be missed using automated tools
Hands-on exercises drive home key concepts covered in the book.
Includes discussions of cloud, Internet, and major mobile operating systems such as Android and iOS

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9780128019634

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills