
Forensic Discovery Hardcover – Jan 9 2005

New from CDN$ 68.40; used from CDN$ 5.47


Product Details

  • Hardcover: 240 pages
  • Publisher: Addison-Wesley Professional (Jan. 9 2005)
  • Language: English
  • ISBN-10: 020163497X
  • ISBN-13: 978-0201634976
  • Product Dimensions: 2 x 18.1 x 23.9 cm
  • Shipping Weight: 662 g
  • Average Customer Review: 4.0 out of 5 stars (1 customer review)
  • Amazon Bestsellers Rank: #894,792 in Books

Customer Reviews


Most helpful customer reviews

By Mark Nenadov TOP 1000 REVIEWER on Sept. 4 2006
Format: Hardcover
I must admit that some parts of this book are "over my head". However, this book packs quite a punch with much insight into forensics and explanations that are detailed and accompanied by MANY practical examples. The authors do a fine job of making this book interesting and they actually keep it rather short (believe me, most books on the subject are). One possible flaw is that I'd probably prefer for it to have a bit more theory and a bit less practical examples.

Most Helpful Customer Reviews on Amazon.com (beta)

Amazon.com: 16 reviews
22 of 23 people found the following review helpful
Brief but intense Jan. 24 2005
By Jack D. Herrington - Published on Amazon.com
Format: Hardcover
They say it's good to leave your audience wanting more, but I'm not sure how correct that is with tech books. In this case I am definitely wanting more. About a third of the book is on basic operating system introductory material. The rest of the book starts to get in-depth on file system analysis, hacker trapping, and some basic data analysis. But then it ends. And I wanted more.

Definitely a good start at file system analysis, specifically on Unix machines. But you will definitely be left wanting more of the same.

13 of 13 people found the following review helpful
Small on size, but big on detail March 11 2005
By Kevin J. Schmidt - Published on Amazon.com
Format: Hardcover
This book is small, but it is packed with information. The book is easy to read. I learned a thing or two myself about UNIX filesystems regarding forensics. Every serious security practitioner should read this book.

12 of 12 people found the following review helpful
Great Information from Two Network Security Legends April 11 2005
By sixmonkeyjungle - Published on Amazon.com
Format: Hardcover
I have learned a lot from other computer forensics books such as Harlan Carvey's Windows Forensics and Incident Recovery or Kevin Mandia and Chris Prosise's Incident Response and Computer Forensics - 2nd Edition, but this one has a slightly different approach and conveys a lot of good, detailed information in a relatively concise book.

The book is aimed at readers who wish to gain a deeper understanding of how computer systems work, particularly system administrators or those who may actually be tasked with performing a forensic investigation. The book does assume some level of computer knowledge such as the basic concepts of networking, system processes or file systems and is not intended for pure novices.

Farmer and Venema focus a fair amount of attention on the concept of time and how to use it in a forensic investigation. They also highlight a sort of order of operations for how to proceed to try and ensure you retrieve volatile data before it disappears.

Computer forensics is an area of network and computer security that I am particularly interested in. This is an excellent book which I highly recommend. It is well-written and very educational, but it is also a fairly quick read.

11 of 11 people found the following review helpful
Superb forensics book on evidence discovery April 19 2005
By Dr Anton Chuvakin - Published on Amazon.com
Format: Hardcover
I enjoyed the book ("Forensic Discovery") since it came when I was preparing for my SANS forensics certification (GCFA). Obviously, the "household" names on the cover caught my attention as well. I used TCT and other tools created by the authors and thus my expectations for the book were pretty high. It did deliver! I picked up a whole lot of tidbits on file system forensics as well as malware and compromised system investigation. Unlike some other volumes, this book does not seek to be comprehensive; instead, it focuses on the fun things and focuses on them well.

In particular, I liked the authors' ideas and tips on the OOV (order of volatility) of evidence. While not new, they are extremely well-presented in the book. Other highly useful sections were the ones on time stamps and their analysis and file deletion analysis (with thorough persistence of deleted file analysis). I did not like the sections on malware analysis that much, likely because some other books go way more in-depth than this one (like, for example, recent Szor's book on viruses).

The book mostly covers Unix; Windows is also mentioned a couple of times.

Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA is a Security Strategist with a major security company. He is an author of the book "Security Warrior" and a contributor to "Know Your Enemy II". In his spare time, he maintains his security portal info-secure.org

9 of 10 people found the following review helpful
Forensic Discovery is a great resource July 3 2005
By Paul Dale - Published on Amazon.com
Format: Hardcover
I read Forensic Discovery last week on the plane home from San Francisco. After a few chapters I was hooked and could barely put it down to eat. This book is absolutely recommended for anyone at all interested in security concepts as well as system administrators or anyone who would need to understand the way that information exists and persists on computer systems.
