
REVIEW: "Computer Forensics", Warren G. Kruse II/Jay G. Heiser

  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    Message 1 of 1, Mar 26, 2002
      BKCMPFRN.RVW 20020221

      "Computer Forensics", Warren G. Kruse II/Jay G. Heiser, 2001,
      0-201-70719-5, U$39.99/C$59.95
      %A Warren G. Kruse II wkruse@...
      %A Jay G. Heiser
      %C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
      %D 2002
      %G 0-201-70719-5
      %I Addison-Wesley Publishing Co.
      %O U$39.99/C$59.95 416-447-5101 fax: 416-443-0948 bkexpress@...
      %P 392 p.
      %T "Computer Forensics: Incident Response Essentials"

      I'm still disappointed that authors seem to think computer forensics
      is limited to data recovery, but this work at least has utility value
      going for it.

      Chapter one is a rough outline of data recovery, with an emphasis on
      documentation and the chain of evidence. Basic information about IP
      addressing, for the purpose of tracing intruders, is given in chapter
      two: it is useful and does not drown the reader in inconsequential
      details. (There is an oddly vitriolic dismissal of the story of the
      origin of the term for Packet INternet Groper.) A valuable discussion
      of email headers, and a very terse outline of intrusion detection
      systems (IDS) are also included. Hard drive basics and concepts are
      given in chapter three. The material is generally good, but some
      points on imaging and connecting are passed over rather quickly.
      Chapter four has a reasonable high-level overview of encryption
      abstractions, but it is difficult to see the immediate relevance of
      the material to forensics. "Data Hiding," chapter five, contains some
      meandering topics that range from password cracking to NTFS (NT File
      System) streams to steganography. A few tools for dealing with these
      problems are listed. The description of hostile code, in chapter six,
      matches that of weeds in gardening: anything you don't want. It is,
      therefore, unsurprising to find that the content, while basically
      sound, is not particularly structured or helpful.

      A list of software (and some hardware) tools is described in chapter
      seven. Chapter eight explains a number of points about the Windows
      operating system that might affect data recovery and forensics. (The
      material discussed is not, unfortunately, exhaustive, although it is
      very useful as far as it goes.) The introduction to UNIX, in chapter
      nine, is more structured and detailed, although it examines fewer
      specific tools. Chapter ten's general overview of an attack on a UNIX
      system is fairly standard, although there is a useful table of
      commonly compromised system utilities. A wide variety of tools and
      commands for collecting information from and about UNIX systems is
      given briefly in chapter eleven.

      Chapter twelve is a short introduction to general concepts in the (US)
      law enforcement system. The last chapter is a rather abrupt finish to
      the book. There are seven appendices, the most useful of which is a
      handy point form overview of incident response activities.

      Computer forensics books are starting to come out of the woodwork, and
      most offer such sage advice as "gather evidence" and "don't mess up
      the chain of custody." This book does tend to follow the same style
      and tone, but also has very valuable tips for practical work. It
      won't help you much in analysis, but it will help you become better at
      collecting data that will stand up in court.

      copyright Robert M. Slade, 2002 BKCMPFRN.RVW 20020221

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... rslade@... slade@... p1@...
      Nam tua res agitur, paries cum proximus ardet.
      - For it is your business, when the wall next door catches fire.
      - Horace, Epistles
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade