7 Acknowledgments

The security community as a whole owes a debt of gratitude to the pioneers

who generously shared what they discovered with the rest of us. I'm talking

about researchers such as David Aitel, Jamie Butler, Maximiliano Caceres,

Loic Duflot, Shawn Embleton, The Grugq, Holy Father, Nick Harbour, John

Heasman, Elias Levy, Vinnie Liu, Mark Ludwig, Wesley McGrew, H.D.

Moore, Gary Nebbett, Matt Pietrek, Mark Russinovich, Joanna Rutkowska,

Bruce Schneier, Peter Silberman, Sherri Sparks, Sven Schreiber, Arrigo

Triulzi, and countless others. Much of what I've done herein builds on the public

foundation of knowledge that these people left behind, and I feel obliged to

give credit where it's due. I only hope this book does the material justice.

Switching focus to the other side of the fence, professionals like Richard

Bejtlich, Michael Ligh, and Harlan Carvey have done an outstanding job

building a framework for dealing with incidents in the field. Based on my

own findings, I think that the "they're all idiots" mindset that crops up in

anti-forensics is awfully naive. Underestimating the aptitude or tenacity of

an investigator is a dubious proposition. An analyst with the resources and

discipline to follow through with a rigorous methodology will prove a worthy

adversary to even the most skilled attacker.

Don't say I didn't warn you.

I owe a debt of gratitude to a server administrator named Alex Keller, whom

I met years ago at San Francisco State University. The half-day that I spent

watching him clean up our primary domain controller was time well spent.

Pen and paper in hand, I jotted down notes furiously as he described what

he was doing and why. With regard to live incident response, I couldn't have

asked for a better mentor.

Thanks again Alex for going way beyond the call of duty, for being decent

enough to patiently pass on your tradecraft, and for encouraging me to learn

more. SFSU is really lucky to have someone like you aboard.

Then, there are distinguished experts in related fields that take the time to

respond to my queries and generally put up with me. In particular, I'd like to

thank Noam Chomsky, Norman Matloff, John Young, and George Ledin.

Last, but not least, I would like to extend my heartfelt thanks to all of the

hardworking individuals at Jones & Bartlett Learning whose efforts made

this book possible: Tim Anderson, Senior Acquisitions Editor; Amy Rose,

Production Director; and Amy Bloom, Managing Editor.

Bill Blunden

www.belowgotham.com