"Handbook of Computer Crime Investigation", Eoghan Casey, 2002,
%E Eoghan Casey
%C 525 B Street, Suite 1900, San Diego, CA 92101-4495
%I Academic Press/Academic Press Professional/Harcourt Brace
%O U$39.95 800-321-5068 fax: 619-699-6380 dtrujillo@...
%P 448 p.
%T "Handbook of Computer Crime Investigation"
This book is hard to read. Not because of excessive technical rigour
or depth: quite the opposite. The work lacks focus and direction, and
appears to be a compilation of components without an assembly diagram.
It's the type of material that might result from the "war stories"
told around a security seminar, after the core curriculum had been
Chapter one is entitled "Introduction," but, other than a statement
that the book is supposed to be a resource for forensic examiners who
may have to deal with computerized systems, there is almost no
declaration of what the volume is about. The remaining material in
the chapter, while it does have an obvious relation to the act of
obtaining evidence from computers, does not have any clear structure.
The points asserted are good advice, but appear to be relatively
random thoughts. The text is neither readable nor lucid: in places it
seems more like a parody of obfuscated academic papers. Chapter two
is somewhat more understandable, offering an outline on how to prepare
documentaiton for discovery. Unfortunately, while it does deal with
some technical issues (original media is better than a bit-wise copy,
which is better than a copy of a file), the material concentrates on
lawyerly debates about what might be needed, and, after a great deal
of verbiage, boils down to the recommendation to produce all possible
documentation, but not too much. (Where the material does get
technical it frequently goes too far, starting to deal with specific
pieces of software, rather than concepts.)
Part one looks at tools in forensic computing. Unfotunately, to a
greater or lesser extent, the four chapters each deal only with a
single tool or vendor; EnCase, Cisco's NetFlow logs, Network Flight
Recorder, and NTI.
Part two is entitled technology: it looks at operating systems,
networks, and other system types. Chapter seven provides some details
of the FAT (File Allocation Table) and NTFS (NT File System)
structures, as well as print spool files. A miscellaneous collection
of information about UNIX files is given in chapter eight. A
similarly unstructured compilation is listed in chapter nine, which
reviews network data. Wireless network analysis, in chapter ten,
concentrates on cellular telephone systems, and really only throws out
generic information about such setups. Chapter eleven's overview of
embedded systems varies between a similar generality and unhelpful
photographs of breadboarded circuits.
Part three provides three case studies. While interesting (parts of
the third are especially amusing), they really don't provide much in
the way of assistance to anyone having to perform investigations.
The authors and contributors seem to be much more involved in the law,
and law enforcement, than in the technology of computer forensics.
The book has no framework or structure within which to place the many
details. Therefore, the material simply blends into a haze of trivia,
rather than providing the promised handbook. For those seriously
working in the field there are many helpful points of information, but
organizing them is left as an exercise to the reader.
copyright Robert M. Slade, 2002 BKCMCRIN.RVW 20020315
====================== (quote inserted randomly by Pegasus Mailer)
rslade@... rslade@... slade@... p1@...
Then Job replied: `How you have helped the powerless! How you
have saved the arm that is feeble! What advice you have offered
to one without wisdom! And what great insight you have
displayed! Who has helped you utter these words? And whose
spirit spoke from your mouth? - Job 26:1-4