REVIEW: "Handbook of Computer Crime Investigation", Eoghan Casey

      BKCMCRIN.RVW 20020315

      "Handbook of Computer Crime Investigation", Eoghan Casey, 2002,
      %E Eoghan Casey
      %C 525 B Street, Suite 1900, San Diego, CA 92101-4495
      %D 2002
      %G 0-12-163103-6
      %I Academic Press/Academic Press Professional/Harcourt Brace
      %O U$39.95 800-321-5068 fax: 619-699-6380 dtrujillo@...
      %P 448 p.
      %T "Handbook of Computer Crime Investigation"

      This book is hard to read. Not because of excessive technical rigour
      or depth: quite the opposite. The work lacks focus and direction, and
      appears to be a compilation of components without an assembly diagram.
      It's the type of material that might result from the "war stories"
      told around a security seminar, after the core curriculum had been
      taken away.

      Chapter one is entitled "Introduction," but, other than a statement
      that the book is supposed to be a resource for forensic examiners who
      may have to deal with computerized systems, there is almost no
      declaration of what the volume is about. The remaining material in
      the chapter, while it does have an obvious relation to the act of
      obtaining evidence from computers, does not have any clear structure.
      The points asserted are good advice, but appear to be relatively
      random thoughts. The text is neither readable nor lucid: in places it
      seems more like a parody of obfuscated academic papers. Chapter two
      is somewhat more understandable, offering an outline on how to prepare
      documentation for discovery. Unfortunately, while it does deal with
      some technical issues (original media is better than a bit-wise copy,
      which is better than a copy of a file), the material concentrates on
      lawyerly debates about what might be needed, and, after a great deal
      of verbiage, boils down to the recommendation to produce all possible
      documentation, but not too much. (Where the material does get
      technical it frequently goes too far, starting to deal with specific
      pieces of software, rather than concepts.)

      Part one looks at tools in forensic computing. Unfortunately, to a
      greater or lesser extent, the four chapters each deal only with a
      single tool or vendor: EnCase, Cisco's NetFlow logs, Network Flight
      Recorder, and NTI.

      Part two is entitled technology: it looks at operating systems,
      networks, and other system types. Chapter seven provides some details
      of the FAT (File Allocation Table) and NTFS (NT File System)
      structures, as well as print spool files. A miscellaneous collection
      of information about UNIX files is given in chapter eight. A
      similarly unstructured compilation is listed in chapter nine, which
      reviews network data. Wireless network analysis, in chapter ten,
      concentrates on cellular telephone systems, and really only throws out
      generic information about such setups. Chapter eleven's overview of
      embedded systems varies between a similar generality and unhelpful
      photographs of breadboarded circuits.

      Part three provides three case studies. While interesting (parts of
      the third are especially amusing), they really don't provide much in
      the way of assistance to anyone having to perform investigations.

      The authors and contributors seem to be much more involved in the law,
      and law enforcement, than in the technology of computer forensics.
      The book has no framework or structure within which to place the many
      details. Therefore, the material simply blends into a haze of trivia,
      rather than providing the promised handbook. For those seriously
      working in the field there are many helpful points of information, but
      organizing them is left as an exercise to the reader.

      copyright Robert M. Slade, 2002 BKCMCRIN.RVW 20020315

      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
