Computer Evidence: Collection & Preservation.

***** Computer Evidence: Collection & Preservation. By Christopher L.T. Brown; published by Charles River Media, www.charlesriver.com (Web); 416 pages; $49.95.

Unfortunately, no one book makes a security generalist into a computer forensics specialist. Reading about the subject is just one step in the process. Considerable lab time and hands-on experience are necessary for the transformation to be complete. A security manager desiring an excellent overview of the computer forensics field, however, will find this book enlightening.

The text covers the legal, social, and technical aspects of computer evidence with clarity and superb teaching ability. Shunning any attempt at crafting an encyclopedia, the author is wisely brief, limiting himself to fewer than 400 pages. The book is rich in content without creating information overload. Each chapter has a readable style with sensible, logical subdivisions to allow the reader to absorb information in manageable units. The inclusion of well-organized, clear graphs and tables builds on the text's lucidity. The author's summaries and lists of references at the end of each chapter reinforce the content and serve as a useful reviewing tool.

Appendices offer the reader forms, worksheets, and technical "cheat sheets" on topics like "Hexadecimal Flags for Partition Types" and Cisco router commands.
In addition, recognizing that professionals need quick-access aids while in the field, the author summarizes all the forensic tools discussed in the main text in a concise appendix.

Another strong point for Computer Evidence is the organization of the CD-ROM. The disk groups tools by topic, which makes finding the appropriate tool much easier. In addition, the author uses CD icons throughout the text to identify signposts to the disk's other resources.

Deftly, the author ties established forensics principles, developed for physical crimes like murder, to the new field of computer forensics. He explains Locard's exchange principle, which states that any criminal activity involves an exchange between the criminal and the victim or the crime scene. Fingerprints, hair, fibers, or DNA get left behind, as do digital clues lurking in slack space or swap files.

The author's coverage of the law pertaining to computer evidence is far from exhaustive, but it is appropriate to the book's mission and intent. He avoids "legalese" when covering topics like the reliability of expert testimony.
As an indicator of his clear style, he uses a table to explain which states have adopted which of the two competing legal standards for expert-testimony reliability.

Computer Evidence would make for an excellent main text in an introductory graduate-level class on computer forensics. Anyone interested in getting into the field should consider the book as a prime starting point.

Reviewer: Ronald L. Mendell, M.S., CISSP (Certified Information Systems Security Professional), is an independent writer on security and investigative issues. He holds a master's degree in network security and is a member of ASIS International.