Thursday, June 4, 2009

Book Review - Perl Scripting for Windows Security

Syngress was kind enough to give me a copy of Harlan Carvey's book, "Perl Scripting for Windows Security" while I was visiting the Syngress booth at Techno-Security this week.  After reading the book, I have to say that I was really pleased with the content.

This is not a Perl tutorial.  However, if you happen to be using any of Harlan's tools that he has written in Perl to perform live response, post-mortem forensics or network security administration, the book gives good insight into exactly what the scripts are doing and why.
While I am not a Perl programmer, I have over 25 years of experience programming in various computer languages.  Based on what I saw in the book, anyone with fairly basic programming knowledge can understand what Harlan is doing with the scripts and, if they want to learn Perl, could use them as an excellent method for advancing their knowledge into writing specific scripts later on.
For someone who is an experienced programmer who wants to dive into Perl scripting, once you have gained an understanding of the Perl syntax and coding rules, Harlan's scripts and advice in the book for additional resources are an excellent way to get deeper into coding Perl for specific security tasks.
The foundation of programming is basically the same, no matter what language you choose to use.  What differs between the different languages is primarily features and syntax.  In other words, how you have to structure your coding for the interpreter or compiler to understand what you are trying to do.
The book is organized into three parts, with Part 1 covering how to use Perl for incident response and troubleshooting live systems.  Part 2 covers post-mortem forensics and Part 3 covers monitoring application processes, Web services and log files.
While it is not a huge tome like many programming books, it is important to bear in mind that this is not a programming book.  This is a book that demonstrates specific scripts for specific tasks.  If you are a long-time coder like me, you will appreciate a book that deals with a specific subject matter without trying to teach you everything and nothing about a programming language.
If you are interested in coding your own security or forensic tools, I would highly recommend this book.