Tuesday, April 16, 2002

Book Review. Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes by by Albert J. Marcella Jr (Editor) and Robert S. Greenfield (Editor). Thorough and suitable for the experienced professional.

This book is an excellent follow-on book to Computer Forensics: Incident Response Essentials by Kruse and Heiser, which introduces the fundamentals. See my 14 April entry in Postcards from the Revolution for details. This book goes much deeper and is more technical than the Kruse and Heise, therefore the ideal audience is practicing professionals who have prior experience in forensics and a wide range of hardware, software and network knowledge.

Tools and techniques are presented in painstaking detail. I was unable to find a single gap or omission, which speaks highly of the editorial and review process behind this book's 464 pages. While most technical disciplines can dispense with finer details, the nature of forensics is to overlook nothing. If you find the step-by-step thoroughness boring that is an indication that forensics may not be your forte; if you're an experienced professional you'll appreciate the coverage of every technique or use of tools.

While the discussion of tools and techniques will satisfy even the most experienced practitioner, I found the detailed discussion of legal aspects, HR considerations and overall security and incident response processes to be the book's strongest points. This area is what sets forensics experts apart from technicians, and it is here that the book (in my opinion) adds the most value. Procedures ranging from how to properly gather, preserve and control evidence, to legal considerations for designing processes are covered in clear language, as are US and international legal guidelines.

Parts that I especially like include: intrusion management and profiling, up-to-date information on electronic commerce legal issues, the numerous checklists and cited resources, and the clearly delineated process for dealing with incidents.

If you're new to forensics you will probably get more from this book by first reading Computer Forensics: Incident Response Essentials by Kruse and Heiser. If, however, you have previous computer forensics experience or are currently serving in that role this book is probably one of the best investments you can make.

The book's accompanying web site keeps it up-to-date and provides additional material and links on forensics and other security-related information.

<< Home

This page is powered by Blogger. Isn't yours?

Subscribe to Posts [Atom]