Product Description
Updating and expanding information on concealment techniques, new technologies, hardware, software, and relevant new legislation, this second edition details scope of cyber forensics to reveal and track legal and illegal activity. Designed as an introduction and overview to the field, the authors guide you step-by-step through the basics of investigation and introduce the tools and procedures required to legally seize and forensically evaluate a suspect machine. The… More >>
I was looking for a book that would teach me how to do things. I can find lots of information on the internet, but I wanted techniques collaborated in one book by a professional. What I found was a lot of legal background, and historical background. I am not starting a computer forensics firm, but I do want to be able to track down, if some sort of mishap occurs. This book provides low level information, like dissecting Netscape, and going through and showing you how to track someone’s steps through Netscape Navigator. I wanted some more practical knowledge that I could use to fight spammers, or to show me how to deal with intrusions on my system. I was disappointed with this book, but I hope that you won’t be.
Rating: 3 / 5
I didn’t want to influence the overall rating of the book, so I gave it 3 stars. Can’t give 2 1/2.
THIS IS THE 1ST EDITION PUBLISHED IN 2002!!!!!! THERE IS A NEW VERSION (PUBLISHED DECEMBER 2007) AVAILABLE!!!
I have notified Amazon of this and I am sure they will address it as soon as they can. However, I didn’t want someone else to buy it and receive a different edition than what they expected. If you do want the 1st edition then go ahead and order away. But, if you want the 2nd edition, Amazon does sell it also.
Same title, Same authors, Same publisher, Different edition
[...]
Rating: 3 / 5
Although the book presents a wide breath of computer forensics information, it is poorly written.
It repeats the same concepts over and over again, without adding much in the process.
Some sections are just condensed information from other sources.
Some pieces also seem inconsistent.
Lastly, the writing style is hard to follow, making for a boring reading.
Rating: 2 / 5
Cyber forensics is becoming a very interesting niche. and to keep up with Joe the bad guy or Jill the bad girl, one must keep up with technology, understand the reason why, and learn the optimum way on how capture the relevant data after a suspicious activity compromises a business, entity or data; This book is a very good resource to do just that.
This is not a “for Dummies” or “introduction to” book, The author made sure the reader is aware of this in his Foreword “This text will not make you a cyber forensics investigator or technician, if you are not one already!”
Reason I read this book was to use it as a tool to improve the procedures in my company’s lab and understand the legal requirement as I collect evidence. I must say that Cyber Forensic 2nd Edition fulfilled that and more. I specially liked the immediate dive into the heart of what is important, from the definition, processes, legal issues to separation of audit from Cyber Forensics Investigations and this is the first chapter. It only gets better; I found Chapter 6 specially helpful, used most of its content and created a template to baseline the readiness of my company’s Lab to “American Society of Crime Laboratory Directors Laboratory Accreditation Board”.
Although I agree with the author about EnCase’s ridiculous pricing practice, I found the software review to be false. Encase does support the collection of enterprise network devices albeit uses an agent to do so. I suggest that Chapter 2 be revised, I also did not like the Author’s “evaluation” of different tools and rating them, this fact almost stopped me from reading the rest of the book, I also had issues with chapter 7, I suggest the 3rd edition of this book consider adding network acquisition of forensic evidence in the flowchart, also adding the legal and HR in the process flow(for corporate users) and change calling the roll or the term IT Security officers to Information Security officers (smart companies are separating Infosec from IT). Also in the same chapter I agree with the Incident response team to eradicate Virus infection but the entire process should have been modeled after the NIST SP800-61 or a similar Document, the author did a best effort but not a good one.
In conclusion, I like this book, including most of its useful Appendices.
Best Fishes and thank you for reading.
Rating: 4 / 5
This book is an excellent follow-on book to Computer Forensics: Incident Response Essentials by Kruse and Heiser, which introduces the fundamentals. This book goes much deeper and is more technical than the Kruse and Heise, therefore the ideal audience is practicing professionals who have prior experience in forensics and a wide range of hardware, software and network knowledge.
Tools and techniques are presented in painstaking detail. I was unable to find a single gap or omission, which speaks highly of the editorial and review process behind this book’s 464 pages. While most technical disciplines can dispense with finer details, the nature of forensics is to overlook nothing. If you find the step-by-step thoroughness boring that is an indication that forensics may not be your forte; if you’re an experienced professional you’ll appreciate the coverage of every technique or use of tools.
While the discussion of tools and techniques will satisfy even the most experienced practitioner, I found the detailed discussion of legal aspects, HR considerations and overall security and incident response processes to be the book’s strongest points. This area is what sets forensics experts apart from technicians, and it is here that the book (in my opinion) adds the most value. Procedures ranging from how to properly gather, preserve and control evidence, to legal considerations for designing processes are covered in clear language, as are US and international legal guidelines.
Parts that I especially like include: intrusion management and profiling, up-to-date information on electronic commerce legal issues, the numerous checklists and cited resources, and the clearly delineated process for dealing with incidents.
If you’re new to forensics you will probably get more from this book by first reading Computer Forensics: Incident Response Essentials by Kruse and Heiser. If, however, you have previous computer forensics experience or are currently serving in that role this book is probably one of the best investments you can make.
Rating: 5 / 5