When writing a technical book, one of the first questions the authors must answer is “Who is your audience?” The authors must then keep this question in mind at all times when writing. While it is hoped that this book is useful to everyone that reads it, the intended audience is primarily two groups.
The first group is new forensic practitioners. This could range from students who are brand new to the world of digital forensics, to active practitioners that are still early in their careers, to seasoned system administrators looking to make a career change. While this book is not a singular, complete compendium of all the forensic knowledge you will need to be successful, it is, hopefully, enough to get you started.
The second audience is experienced digital forensics practitioners new to open source tools. This is a fairly large audience, as commercial, proprietary tools have had a nearly exhaustive hold on working forensic examiners. Many examiners operating today are reliant upon a single commercial vendor to supply the bulk of their examination capabilities. They rely on one vendor for their core forensic platform
and may have a handful of other commercial tools used for specific tasks that their main tool does not perform (or does not perform well). These experienced examiners who have little or no experience with open source tools will also hopefully benefit greatly from the content of this book.
- CHAPTER 1 Digital Forensics with Open Source Tools
- CHAPTER 2 Open Source Examination Platform
- CHAPTER 3 Disk and File System Analysis
- CHAPTER 4 Windows Systems and Artifacts
- CHAPTER 5 Linux Systems and Artifacts
- CHAPTER 6 Mac OS X Systems and Artifacts
- CHAPTER 7 Internet
- CHAPTER 8 File Analysis
- CHAPTER 9 Automating Analysis and Extending Capabilities