计算机取证（英文版）——经典原版书库

    近年，在全球信息化大潮的推动下，我国的计算机产业发展迅猛，对专业人才的需求日益迫切。这对计算机教育界和出版界都既是机遇，也是挑战。
由华章公司引进的“计算机科学丛书”、“经典原版书库”、“全美经典学习指导系列”这三套丛书不仅涵盖了程序设计、数据结构、操作系统、计算机体系结构、数据库、编译原理、软件工程、图形学、通信与网络、离散数学等国内大学计算机专业普遍开设的核心课程，而且各具特色——有的出自语言设计者之手、有的历经三年不衰、有的已被全世界的几百所高校采用。在这些圆熟通博的名师大作的指引之下，读者必将在计算机科学的宫殿中由登堂而入室。
权威的作者、经典的教材、一流的译者、严格的审校、精细的编辑，这些因素使我们的图书有了质量的保证。
Dan Farmer is the author of a variety of security programs and papers.He is currently chief technical officer of Elemental Security,a computer security software company.WAietse Venema has written some of the world's most widely used software,including TCP Wrapper and the Postfix mail system .He is currently a research staff member at IBM Research.Together,Farmer and Venema have written many of the world's leading information-security and forensics packages,including the SATAN network security scanner and the Coroner's Tookit.

Preface vii
About the Authors xii
PartⅠ:Basic Concepts
Chapter 1:The Spirit of Forensic Discovery
1.1 Introduction
1.2 Unusual Activity Stands Out
　　1.3　The Order of Volatility
1.4 Layers and Illusions
1.5 The Trustworthiness of Information
1.6 The Fossilization of Deleted Information
1.7 Archaeology vs.Geology
Chapter 2:Time Machines
2.1　Introduction
　　2.2　The First Signs of Trouble
　　2.3　What's Up,MAC?An Introduction to MACtimes
　　2.4　Limitations of MACtimes
　　2.5　Argus:Shedding Additional Light on the Situation
　　2.6　Panning for Gold:Looking for Time in Unusual Places
　　2.7　DNS and Time
　　2.8　Journaling File Systems and MACtimes
　　2.9　The Foibles of Time
　　2.10　Conclusion
PartⅡ:Exploring System Abstractions
Chapter 3:File System Basics
3.1 Introduction
3.2 An Alphabet Soup of File Sytems
3.3 UNIX File Organization
3.4 UNIX File Names
3.5 UNIX Pathnames
3.6 UNIX File Types
3.7 A First Look Under the Hood:File System Internals
3.8 UNIX File System Layout
……
PartⅢ:Beyond the Abstractions

Today, only minutes pass between plugging in to the Internet and being attacked by some other machine---and that's only the background noise level of nontargeted attacks. There was a time when a computer could tick away year after year without coming under attack. For examples of Internet background radiation studies, see CAIDA 2003, Cymru 2004, or IMS 2004. With this book, we summarize experiences in post-mortem intrusion analysis that we accumulated over a decade. During this period, the Internet grew explosively, from less than a hundred..