Book Report: Digital Forensics with Open Source Tools

It's a book about how to look over a hard drive and find out "what happened here?" This is a useful skill for computer security—you might want to figure out how a virus or hacker took over a machine just based on the changes they left behind to files. This might occasionally be useful to a computer repair person; maybe a hard drive got a little messed up such that it lost the "directory" information saying that the file Great_American_Novel.txt is in sector 1234... but you know that file contains the text "best of times". It seems like you ought to be able to recover the file if you have that information, and maybe you can.

This book talks about the process by which you do these things. It's a pretty interesting problem. How many files are on a typical hard drive nowadays? A lot. How do you sift through all of those to find those that help you figure out how someone or something misused a computer? You don't just turn on the affected computer and start clicking around looking for stuff, not any more than you would run through a crime scene knocking things over for a quick once-over. Instead you copy the disk image onto some other machine. There are tools to reconstruct files, whether that means regular files, files "forgotten" by corrupted directories, files marked-for-deletion but with their bits still there, file fragments partially written-over but with some old bits left behind in the cracks at the ends of the sectors... There are tools to reconstruct timelines: this file was accessed at this time, that file was created at that time.

I'm neither a security person nor a repair person, but I still got something out of this book. It doesn't just talk about reconstructing files. It also talks about the common things computers record about what we do even when we're not obviously working with a file. When you browse the internet, your browser is helpfully caching copies of those visited pages on your hard drive. If you're someone like me who hasn't got around to using webmail, then whenever your machine tries to send/get email to/from the greater internet, it probably logs something about how that went. And so on and so forth. If you mess something up and want to know Hey, is there some "historical log" I can look at to figure out what I messed up? the answer might be Yes.

Permalink
& Comments

Book Report: The Art of Intrusion

It's a book of hacker anecdotes. "Kevin Mitnick" is the author name on the cover, but these are stories from other hackers. They're good stories. They're not all true stories; some of them have parts that don't make sense. They're not all good people; some of these folks, when you slow down and think about the activities they describe, you realize wow, this guy's a total jerk. Probably my favorite story was about the time that a company wanted to acquire L0pht and simultaneously hired them to pen-test. The L0pht folks successfully broke in... and found the company's communications about how to negotiate the acquisition.

Permalink
& Comments

Book Report: Zero Day Happy USA Buy Nothing Day 2011, aka #OCCUPYXMAS. To celebrate, here's a report on a book I'm glad I checked out from the library: Zero Day. Maybe it's not quite accurate to say "I'm glad I checked o...