Bruce Nikkel's Practical Forensic Imaging (No Starch Press)
Forensic image acquisition is an important part of the process of after-the-fact incident response and evidence collection. Digital forensic investigators acquire, preserve and manage digital evidence as part of criminal and civil court cases; they examine violations of organizational policy; and they analyze cyber attacks.
Author Bruce Nikkel, in his new book Practical Forensic Imaging published by , takes an in-depth look into how to secure and manage digital evidence using Linux command-line tools. This essential guide walks readers through the entire forensic acquisition process and covers a wide range of practical scenarios and situations related to the imaging of storage media. Readers learn how to perform critical tasks, such as performing forensic imaging of modern and legacy storage technologies; protecting evidence media from accidental modification; managing large forensic image files; preserving and verifying evidence integrity with cryptographic and other tools; working with newer drive and interface technologies; managing drive security and acquiring usable images from more complex or challenging situations, such as RAID systems, virtual machine images and damaged media.
With its unique focus on digital forensic acquisition and evidence preservation, Practical Forensic Imaging is a valuable resource for experienced digital forensic investigators wanting to advance their Linux skills and experienced Linux administrators wanting to learn digital forensics.
James Gray is Products Editor for Linux Journal.
- VMware's Clarity Design System
- Let's Go to Mars with Martian Lander
- On Your Marks, Get Set...Gutsy Gibbon!
- Applied Expert Systems, Inc.'s CleverView for TCP/IP on Linux
- Papa's Got a Brand New NAS
- My Childhood in a Cigar Box
- Rogue Wave Software's TotalView for HPC and CodeDynamics
- Panther MPC, Inc.'s Panther Alpha
- Simplenote, Simply Awesome!
- Jetico's BestCrypt Container Encryption for Linux