"Forensic Discovery is a book that is a book every
Linux admin should read. Forensic Discovery is a slim
volume, it clocks in at a mere 217 pages, but it's full of useful
information. As an added bonus, the book is well-written and easy
to follow, and should be accessible to any reader with a passing
understanding of Linux or UNIX systems.
"Even if you never need to conduct a forensic analysis of a
compromised system, and I hope that you don't, the book provides
the reader with an in-depth understanding of the low-level
operation of a system that they may not get just by administering a
Linux or UNIX system..."