Handbook of Computer Crime Investigation: Forensic Tools & Technology


List Price: $44.95
Your Price: $44.95

Rating: 5 stars
Summary: Essays by a variety of learned and experienced authors
Review: Capably edited by Eoghan Casey (System Security Administrator, Yale University), Handbook Of Computer Crime Investigation: Forensic Tools And Technology is a fascinating guide to the software and hardware tools necessary for collecting digital evidence of cyber crimes ranging from cyberstalking and child pornography to financial fraud, espionage, or terrorism. Essays by a variety of learned and experienced authors present the latest means of forensic analysis for Windows, Unix, and more systems. Sample code, charts, and appropriate case examples pepper this amazing, cutting-edge criminology reference. Handbook Of Computer Crime Investigation is an invaluable and "user friendly" contribution to the field of computer and Internet security.

Rating: 4 stars
Summary: You'll find something to like in this collection of essays
Review: I am a senior engineer for network security operations. I bought "Handbook of Computer Crime Investigation" (HoCCI) to expand my knowledge of incident response and digital forensics. While "Incident Response" by Mandia, Prosise, and Pepe remains my top pick, HoCCI contains enough original material to qualify as recommended reading.

HoCCI is a collection of 14 distinct chapters written by 17 authors. The book's main audience appears to be law enforcement personnel, and Academic Press markets the book as a title in its "Forensic Science" catalog. The introduction states the book is written for "forensic examiners" who testify in court, although anyone performing digital forensics will find useful sections.

Some of HoCCI's strengths include numerous case studies. Ch. 2 offers examples of "ineffective" and "effective" disclosure and production of digital records in legal proceedings. Chs. 12, 13, and 14 are dedicated to factual legal and incident response scenarios. Reading these anecdotes, I perceived most of the 17 authors to be extremely familiar with their field.

Beyond helpful case studies, HoCCI provides several strong technical chapters. Bob Sheldon's Windows section (ch. 7) is excellent, and Ronald van der Knijff's embedded systems essay (ch. 11) explains the cutting edge of digital forensics. His discussions of directly reading FLASH and EEPROM memory, and using power analysis to break passwords, are impressive. I enjoyed Steve Romig's explanation of using Cisco NetFlow logs in ch. 4, and found the descriptions of wireless systems in ch. 10 to be useful.

HoCCI is not without faults. Several chapters seem like product advertisements; EnCase is the focus of ch. 3, while NFR's IDS appears in ch. 5. The network analysis section (ch. 9) repeats the much-quoted myth that TCP sequence numbers count packets; they actually count bytes of application data.

Overall, HoCCI is a useful supplement to Foundstone's "Incident Response." HoCCI may spend too many pages describing how to search hard drives for remnants of illicit images, illegal software, or harassing emails. Fortunately, its technical content distinguishes it from "Computer Forensics" by Kruse and Heiser and "Incident Response: A Strategic Guide" by Schultz and Shumway.

Rating: 4 stars
Summary: Mostly Successful
Review: Overall the book is informative, interesting, and applicable to the field of computer investigations. Most chapters have very good examples, counter-examples, and case studies to illustrate important points.

However, chapter 5, NFR Security, is weak. Chapter 5 is simply information about NFR's products, without placing those products in the context of either the field, or the role or needs of the investigator. The focus of the chapter is simply the products and features available. Other chapters in the book cover specific products, but they succeed in providing a greater context for the roles the products play in the greater scheme of a successful investigation.

Rating: 5 stars
Summary: A step on..
Review: The 'Handbook of Computer Crime Investigation' follows on well from Eoghan Casey's previous title, 'Digital Evidence and Computer Crime', which I found to be a sound introduction to the subject. This latest book is targeted at those already proficient in Computer Forensics and provides in-depth detail of techniques essential to any computer-related investigation. Also included are sections specific to examining various operating systems. As someone who both works in information security and has a particular interest in computer forensics, I can thoroughly recommend this book!

Rating: 5 stars
Summary: Excellent for making your own Methodology
Review: The book reviews different tools and techniques for a forensic investigation by experts in the field. Very good reference manual for new and experienced investigators.

Rating: 5 stars
Summary: One of the best computer forensics books
Review: The television show Quincy was a double-edged sword for the forensic community. It elevated the status and importance of the coroner. However, the speed at which Quincy was able to find answers was utterly unrealistic. By and large, within forensics -- be it computer or human forensics -- answers are found with slow, deliberate, and methodical steps, not in the undisciplined manner that is often portrayed in the media.

In light of the growing number of computer crime incidents, computer forensics is taking on a critical role within information systems. The focus of computer forensics is twofold. First is the attempt to determine whether a breach has occurred and, if so, to determine the offender. Second is prosecution of the offender, if the breach was a criminal activity. With current information technology, the first part is easier, while prosecuting a computer criminal remains extremely difficult.

The criticality of a specific topic is often portrayed in the number of titles that are available on that topic. Late 2001 and early 2002 have produced nearly a dozen books on computer forensics and cyber crime. Although computer forensics is becoming a mainstream topic, the fact that more books are being published on the subject does not mean in any way that the problem will go away quickly. With this in mind, the Handbook of Computer Crime Investigation provides information on dealing with cyber crime. Each book approaches the subject from a different angle.

Eoghan Casey's Handbook of Computer Crime Investigation: Forensic Tools & Technology is an excellent work. The book has articles written by 17 authors with expertise in different areas of computer crime and forensics. The authors are from the fields of law enforcement and professional services, as well as computer forensic software firms. The editor, Eoghan Casey, does a good job of keeping a coherent and logical sequence throughout the book, which is often difficult in books with multiple authors.

The variety of authors is what makes this book shine. Each author addresses a specific subject matter, and the chapters are written in a clear and concise fashion. The chapters on wireless networks and embedded systems -- critical topics in a forensic investigation -- are excellent. The Handbook of Computer Crime Investigation is one of the first books to include basic forensic information on these topics.

The Handbook of Computer Crime Investigation was written to complement Casey's preceding book Digital Evidence and Computer Crime (Academic Press 2000; ISBN: 012162885X). The Handbook of Computer Crime Investigation provides different looks on the proper course of digital forensic collection. The "Case Examples" sections are extremely valuable because they provide readers with examples of the technical and legal issues that arise in real-world computer investigations.

The book includes sections written by forensic tool vendors. The vendors do a good job of writing in a technical nature rather than marketing hype. The general consensus between the three books is that the EnCase software tool from Guidance Software (www.guidancesoftware.com) has become the tool for use in computer forensic investigations.

Rating: 5 stars
Summary: This is an excellent book from a real expert.
Review: This is an excellent book from a real expert.

Everyone and their brother are writing books about computer security and digital forensics.

The difference here is that Eoghan Casey knows what he is talking about.

Excellent book!

Rating: 4 stars
Summary: Computer Crime Investigation...Cookbook!
Review: What is your real interest?
If you have a strong background in computer networks, and want to know about 'true' computer forensics, then you should consider books like 'Know your Enemy' or 'Intrusion Signatures and Analysis'. Else, if you are not a computer networks expert or not even a computer professional, and want to have some knowledge about computer forensics, then this can be your book: very comprehensive, not too deep, rich in examples, and, as a bonus, covering several emerging security issues like Wireless Network Analysis and Embedded Systems Analysis.
Note, however, that:
- It is not a traditional book, but rather a set of 'essays'.
- The contained material is quite biased, since several explanations seem to be more oriented toward promoting tools than toward discussing the areas they are intended for.



© 2004, ReviewFocus or its affiliates