Bruce Nikkel's Practical Forensic Imaging (No Starch Press)
Forensic image acquisition is an important part of the process of after-the-fact incident response and evidence collection. Digital forensic investigators acquire, preserve and manage digital evidence as part of criminal and civil court cases; they examine violations of organizational policy; and they analyze cyber attacks.
Author Bruce Nikkel, in his new book Practical Forensic Imaging published by No Starch Press, takes an in-depth look into how to secure and manage digital evidence using Linux command-line tools. This essential guide walks readers through the entire forensic acquisition process and covers a wide range of practical scenarios and situations related to the imaging of storage media. Readers learn how to perform critical tasks, such as performing forensic imaging of modern and legacy storage technologies; protecting evidence media from accidental modification; managing large forensic image files; preserving and verifying evidence integrity with cryptographic and other tools; working with newer drive and interface technologies; managing drive security and acquiring usable images from more complex or challenging situations, such as RAID systems, virtual machine images and damaged media.
With its unique focus on digital forensic acquisition and evidence preservation, Practical Forensic Imaging is a valuable resource for experienced digital forensic investigators wanting to advance their Linux skills and experienced Linux administrators wanting to learn digital forensics.
James Gray is Products Editor for Linux Journal.
- Bash Shell Script: Building a Better March Madness Bracket
- Machine Learning Everywhere
- Smoothwall Express
- Own Your DNS Data
- Simple Server Hardening
- Understanding OpenStack's Success
- From vs. to + for Microsoft and Linux
- The Weather Outside Is Frightful (Or Is It?)
- Understanding Firewalld in Multi-Zone Configurations
- Ensono M.O.