Hacking Books

This particular book by Britz, is but one more example of her commitment to detail in all of her works. Like her previous books, this book is both readable and comprehensive. It is one that I myself have adopted in my computer crime course, and I am anxiously awaiting the second edition. The chapters on the legal issues and the history of computer crime are unparalleled in the extant literature. More succinctly, the greatest strength of the book is its' sheer readibility. Designed for undergraduates, this particular text is a must read for any beginner interested in computer crime and computer investigations. Unlike other books in the field which prove to be far too advanced for novices, Britz's book allows even the most unsophisticated reader to appreciate and understand the problems associated with the investigation of computer crime, as well as recognize emerging trends in this area. Please, please, provide a second edition as soon as possible!!

"Computer Forensics and Cyber Crime," written by Marjie T. Britz and, publish by Pearson Education Inc., seems to be a very well balance book, why? It just took me few minutes, between reading the introductory notes and "browsing" to its chapters, to understand that this book is well sequenced and organized.

This author explains in rather a pleasant way this subject and gradually internalizes the students by attracting them to a more extensive regions of Computer forensics, as it is data analysis, reporting or computer investigations.

This is an important and interesting field, that is capturing the
attention of many professionals and envolves many disciplines, I just read the other day in one of those infamous blogs, "Computer Archeologists are using new and powerful computer forensics tools to examine and gain understanding of 'lifted data' that apparently was written 25 years ago." Nevertheless, this author seems to have made all the efforts to bring comprehensiveness by illuminating fundamental relationships,** not only between computer history and cyber crime, if not among many issues surrounding the applications of the fourth amendment and the understanding of the limits of government decency.

The management of these seemingly intricate relationships is crucial for our immediate future, as a nation, experiencing a yet unexplored global economy which is using extensively and intensively the eCommerce over intranets, internets and the Internet, and as a nation, which some how needs to preserve the individual freedoms and leadership that rightly so, has been acquired through all its years of existence, with hard work, determination and within the framework of its fundamental democratic values.

The author closes this book by looking at the world's future issues with respect to cyber crime and even gives us routes by which we could answers most of the urgent and pressing dilemmas of our digital epoch. Do you want to know the answer, well read the book yourself and find out what this book offers.

In conclusion, this book is readable, manages and balances many aspects of this new subject, besides it seems as a good starting point and a splendid reference, from which any student can continue to build their expertise on computer forensics and Cyber crime.

** [even the use of technology to commit crimes is well referenced by this book, I observed a photograph of Bonnie and Clyde, who used then the recently invented automobile for outsmart the police of their times, p.
31]

This would have been a superb book if it had been published in 2001 or so. Coverage is wide and quite detailed -- unfortunately, it appears the research for the book was done in 2000 (that's the publication date of the msot recent references in the bibliography)and a lot of things have changed since then.
The chapters on case law and the actual process of collecting and analyzing evidence are excellent and serve to whet our appetite for an up-to-date book with that kind of detailed coverage.
Insofar as many of the best principles in evidence collection and anlysis are the old ones, this book is quite useful but it is certainly not a state of current practice presentation.

This is far the greatest linux book that I have read. I used this book for 4 yrs, eventhough i spill water on it, i did recover it and still used it. I hope GM can create a new book for the new linux distros like this.

The great content is marred by countless grammatical foibles which make the book nearly unreadable. Here's an example: "By default denying access to every one, is the first step of a reliable security policy. In this way we eliminate the possibility of forgetting someone or to making a mistake."

This is the GREATEST LINUX book I ever known. A must have book for every linux geek!

Thanks Gerhard for the great masterpiece, keep the good job on and you have my support.

That's what we say in Texas about someone who is full of flash and style, while light on the substance. An apt description of this edoc.

The book has an attractive design and the layout is interesting. The content, however, leaves something to be desired. The text is a self-congratulatory rant about how this ad agency (excuse me, provider of "high performance cross-media marketing service programs")opted to sell their white papers as Amazon edocs. Then, they chose to create this edoc in the hope of reaching the #1 spot on the edoc bestseller list. Their strategy was to give it a provocative title and price it low.

There is no how-to here, even to be forcibly extracted from the telling of their experiences. I'm giving three stars to this edoc for the design. All hat, no cattle.

Great read!
Tom Simons has too much time on his hands.
Bravo.

I purchased this book new from Amazon. I just recentley found out that the software disk provided no longer works and that there should have been a new version disk included with the book. You must have the correct disk to complete the labs. So basicly I have a new door stop!
Buyer Beware!

This was used as the textbook for the ethical hacking class I took last fall. It was a great intro book although some of the links are outdated and the CD did not work (the CD did not work for anyone regardless of the source - including the campus bookstore)

I kept the book for reference.

Under the covers of one book, the authors present a coherent view of the various network security packages freely available. The bias is in favour of open source tools, if only because these are free. The book goes deeper than just explaining how to run Nessus or Ettercap or... [etc] Most chapters involve the writing of plug-ins or extensions to those tools. Actually, another criterion for a tool to be covered in this book seems to be if it has precisely this ability to be extended by any competent person (like you).

Thus, the book is directed slightly more towards the network programmer than the network sysadmin. Though this is by no means a sharp demarcation, I hasten to add. In fact, you might be a sysadmin dissatisfied with running your current Intrusion Detection System package simply just out of the box. If so, try actively programming plug-ins using this book, to adapt the IDS to your actual network situation.

In recent years the proliferation of open source network security tools has been a boon to all aspects of the IT industry. This era was given more significance with the release of the tool SATAN, which easily enabled administrators to scan their networks for vulnerabilities. Since then, many of the most favored tools in the infosec industry are open source. This means that users can extend them as they see fit, but often this is a difficult task. Dhanjani and Clarke's book Network Security Tools is there to assist you in modifying existing tools and even writing your own.

The book is divided into two main sections, modifying several popular tools like Nessus and Metasploit, and writing new tools for the Linux kernel and the network using libpcap and libnet. Written for the intermediate-level user, NST gets right to it in Chapter 1, diving right into writing plug-ins for Nessus. Because vulnerabilities appear every day and may differ on the network you're examining, you may have to write your own plug-in that someone else hasn't. Or you may want the fame and notoriety of writing these plug-ins quickly and accurately. Whatever your motivation, you'll learn how to use NASL to write your extension. While the license has recently changed for Nessus, the version that this book targets, 2.x, will always be GPL and available for you to use.

The existing tools covered in the book - Nessus, Ethereal, Ettercap, Metasploit, Nikto, Hydra. and PMD - are designed to be extended. They have a framework and often a rich API (or, in the case of Nessus, their own language) to allow you to write those extensions. Each of the chapters on these frameworks covers some of the same basic format, namely an overview of the tools, the framework, and then an example plug-in or extension. The quality of the chapters varies, presumably due to the natural differences in the authors' experiences. However, you'll learn something in each of them.

The second half of the book covers writing your own tools against four or five different landscapes. These are Linux kernel modules and kernel-level rootkits, web assessment tools (in Perl), an automated exploit tool, and sniffers and packet injection tools (using libpcap and libnet). The authors wisely show how to take a small tool, a recon scanner from Chapter 8, and extend it in Chapter 9 to make it an automated exploit tool. Pretty cool, and you wind up with a neat web-testing tool out of it. With some more work, you can make it a framework for any sort of web-based attack methodology. The authors use clear examples and a decent presentation style to deliver a quality set of chapters.

The same can be said for the two chapters on network tools, the sniffer and the packet injector. You'll build a simple ARP sniffer with pcap and libnet, and then move on to a simple SYN scanner and then a tool called 'Airjack', which i designed for a Linux environment. Again, clear code, and the authors do an effective tour of the process by which they build some simple, but representative, tools.

Overall I'm quite pleased with NST, I think the authors have delivered a concise, practical and valuable book on the subject. While there are several frameworks available for security tools, this the first single book on the subject of writing plug-ins and extensions for most of the main tools out there. While the authors are a bit skimpish at times on the material, due to space constraints or matters of expertise, they do a good job of showing clear examples that anyone can use. If you've been curious about extending existing security tools with your own code, this is probably the best single place to start.

This book serves as a good introduction to the main seven areas of information technology reguiring ethical considerations. It is suitable for anyone who is new to computing with a social concience.

Finally a book on e-business and home computing security that the average person can read and enjoy. Highly recommended if you are spending any time on-line.

This book is far superior than many other books on similar topics, and the authors walk the line well between being academic and practical. The thrust of the book is toward an understanding of what criminologists call "emerging crime," and it delivers a well researched baseline of information synthesized with what is known or speculated about emerging trends. The end result is a product suitable for adoption in the academic marketplace, and would even make for fascinating reading by laypersons. Overall, the book is congruent with the scholarly and curricular purposes of higher education, and one shares the sense of urgency that comes across at times, but one also relishes the moments, evident in the writing, when careful and meticulous reflection is done.
The introductory chapter spares the reader from a boring introduction to the history of the Internet, and the basic typology relied upon is the well-known computer as target and computer as tool (instrument) which comes from some of the earliest distinctions made, as well as the third type, the computer as incidental to crime. The authors wisely stick to a legalistic approach, and educate or orient the reader about theft and fraud law, which is important to do. Gladly, there is not any overemphasis upon news stories. The writing is generalized when it can be, and specific when it has to be.
The criminological theory chapter is ripe with promise. Twenty-five pages are spent bringing the reader up to par on the mainstream theories in criminology, but then, strain, learning, and control theories are just applied, not really extended, to explain computer crime. Theoretical extensions are left to the reader's imagination.
There is a well-done analysis of hacker subcultures, but the approach taken is symbolic interactionist, leading to a morally relativistic position that hackers and computer criminals are qualitatively and quantitatively different from other criminals. Likewise with the discussion of virus writers, semantic danger is noted in perceiving virus writers as "technopathic" and I take this as the authors attempting to make the reader more culturally sensitive to the plight of those poor, unfairly-labeled "bad" guys.
The crimes of embezzlement, economic espionage, money laundering, and fraud are discussed in a straightforward manner, but the approach is quite legalistic, and all the reader will walk away with is a better understanding of the CFA and EEA acts.
A welcome focus on victimization appears when stalking and obscenity are discussed, but the writing is quite antiseptic, handling very meticulously and tactfully things like child prostitution and sexual predators on the Web. Topics like sex tourism are also discussed, but there's really no "voice" of the victims to be found.
Towards the middle, the book shifts to what criminal justice agencies are doing, but the discussion is freshman-level, and there's really no coverage of the Patriot Act, Homeland Security, or what the feds are doing. Other topics are missing altogether, like cyber-vigilantism. Computer forensics is the focus.
Once cyberterrorism is finally gotten around to, four types of it are discussed: infrastructure; information; facilitation; and promotion. The first type brings up the subject of homeland security. The second type brings up web defacement. The third type discusses cryptography and steganography, and the fourth type gets into the topic of propaganda. Issues are only brought up and never fully explored or exploited. An interesting inclusion is what's written on anarchy, eco-terrorism, and Internet cartoons. It seems like certain emerging trends sometimes take precedence over mundane issues.
All in all, the book grasps what can safely be generalized without losing currency. There are some brave, noble initiatives in this book, and it is creative in many respects, but it tries to deliver all things to all people, and suffers somewhat for it by lacking a perspective or voice.

I really liked this book for following reasons:
-Content is well organized
-Lots of diagrams showing different network toplpogies
-For novoices and experts

Until I found this book, I was using FoxPro books written for the PC to create my applications. This book does an excellent job of tayloring the FoxPro language to take advantage of the unique Macintosh user interface while still supporting cross-platform development on the PC as well. I found the section on multi-user access especially usefull. It is slightly out-of-date now since Visual FoxPro is now available for the Macintosh. Unfortunately, I have not found a Visual FoxPro book that meets the needs of the Macintosh community like "Hacking FoxPro".