REVIEWS

BOOK REVIEW
Python Forensics

Chet Hosmer. Published by Syngress. ISBN: 9780124186767 (print), 9780124186835 (e-book). Price: 50.95, 352pgs, paperback and e-book editions available.

As systems, software and threats evolve at a rapid pace, the tools used by security professionals can become outdated pretty fast. And those professionals are often in need of very specific tools to tackle problems posed by individual systems or environments. That’s why they so frequently turn to scripting languages.
While shell scripting is likely to remain an essential part of the security professional’s toolkit, its place is rapidly being taken by a variety of newer scripting languages that offer high-level access to low-level processes along with all the benefits of object-oriented programming, a massive choice of ready-made libraries and frameworks, and programming environments (including IDEs) that enable fast coding. And of these languages, Python is arguably the strongest and most popular among infosecurity specialists. In the forensics world, Python not only offers adaptability, it also has one outstanding quality that recommends it – cost. Python costs nothing to install and the tools you develop with it will also be free (aside from your time) while being perfectly suited to your needs. That stands in stark contrast to the eye-watering price of many commercial forensics solutions that are not just expensive to buy but also costly to maintain and update – something you have to do if your tools are to keep up with the changing technology landscape. Python is also very easy to learn, while offering access to low-level processes where needed. It won’t give you the performance of, say, a C program, but Python is much faster to write. Although some may dismiss it as ‘merely’ a scripting (rather than programming) language, that distinction is getting fuzzier by the day. And being an interpreted language, it allows for rapid experimentation.

Network Security

Chet Hosmer says that this book is intended as an ‘on ramp’ – an introduction to using Python for forensic investigation. It therefore starts with advice on how to install a suitable Python environment. But it’s not a Python tutorial per se, and if you are a total newcomer you will want a Python programming book to use alongside this one. The main chapters mostly deal with specific forensic challenges – searching and indexing, evidence extraction (using images as an example), network forensics and so on. As this kind of work can be resource-intensive, there’s also a chapter on multiprocessor programming. If you already have experience with Python, you will find this book very useful in explaining the specifics of how its capabilities can best be exploited for forensics work. The examples given are built using Python 2.7, but the accompanying website also has many of the code samples adapted for Python 3.x. This book is not a complete course in Python programming, nor is it a thorough guide to forensic examination. Its aim is to get you started on using Python to develop your own tools – to give you an idea of the possibilities so that you can then leverage the power of the language to suit your own needs. In this it succeeds very well. There’s more information available here: http://bit.ly/201409review_python. – SM-D

BOOK REVIEW
The Basics of Information Security
Jason Andress. Published by Syngress. Second Edition. ISBN: 9780128007440. Price: $25.95, 240pgs, paperback.
In common with the rest of the Syngress ‘The Basics’ series, this aims to provide a grounding in both theoretical and practical aspects of information security. That’s a fairly tall order in 240 pages. As environments and threats become more complex, there is a tendency for information security to be broken down into ever more specialised domains and skills.
That said, there is still a need for this kind of introductory text. The author, Jason Andress, touches on this when outlining who the book is for – those starting on their information security careers, more general network and IT professionals who need to understand the issues, and business managers who want to get a grasp on why this is a subject that must be on their radar. After quickly running through the general concepts of what we mean by information security – touching on things like defence in depth and types of attack along the way – Andress devotes individual chapters to: identification and authentication; authorisation and access control; auditing and accountability; cryptography; laws and regulations; operational security; the human element; and physical security. Network, operating system and application security also get their own chapters. This is a lot of ground for a relatively short book, and one could easily have expected the author to skip over, for example, the human element (in order to concentrate on the more technically oriented subjects) or physical security. Yet their inclusion is to be applauded. Information security should not be seen as an isolated and purely IT-focused issue. Nor, for that matter, should it be seen as a matter of significance only to an infosecurity department or professional. Everyone within an organisation has responsibility for keeping information secure – whether they are handling the data or are responsible for approving the budgets for security solutions. And they have much to gain from this work, particularly as it is not especially technical. Andress focuses mainly on concepts and describes sometimes complex issues with great clarity. Infosec advocates have been saying for years that education is key to achieving high levels of security, and a book like this can play its part.

It’s tempting to say that the people most in need of the information here are not infosecurity professionals at all, but everyone else in the organisation. There’s more information here: http://bit.ly/201409review_basics. – SM-D
September 2014