REVIEW: "Cyber Forensics", Albert J. Marcella/Robert S. Greenfield
- BKCYBFOR.RVW 20020319
"Cyber Forensics", Albert J. Marcella/Robert S. Greenfield, 2002,
%E Albert J. Marcella
%E Robert S. Greenfield
%C 823 Debra St, Livermore, CA 94550
%I Auerbach Publications
%O U$49.95 +1-800-950-1216 auerbach@... orders@...
%P 443 p.
%T "Cyber Forensics: A Field Manual for Collecting, Examining, and
Preserving Evidence of Computer Crimes"

The introduction to this book emphasizes the fact that this is a field
manual, designed for quick reference, and not a textbook for study.
Unfortunately, the authors seem to have taken this as licence to throw
in all manner of random text and documents, without much structure or
thought for the user.

Section one outlines the various aspects of cyber forensics, according
to the book's definition. Chapter one is entitled "The Goal of the
Forensic Investigation," but the actual contents offer both more and
less than that. The chapter starts with a few possible specific
investigations, and provides directions on initial questions to ask.
When the material moves to more general discussion of investigations,
it becomes vague, and loses utility. Non-liturgical investigation
(one that is not expected to end up in court) is examined in chapter
three, even though the text admits that the procedure should be the
same whether you expect to end in court or not: just collect
everything you can. The content is limited to Windows, and
specifically to the use of Internet Explorer. Much the same, with a
little additional material on the Registry and event log, is done with
liturgical investigations in chapter three. A repetition of the same
information about Internet Explorer cache and cookies is found in
chapter four. Chapter five describes nmap, and its author, in some
detail, and then lists a number of other UNIX utilities. The broadest
possible interpretation of intrusion investigation is discussed in
chapter six, and, again, the advice boils down to the importance of
careful collection of all possible information. Chapter seven
outlines rules of and considerations for evidence in US courts of

Section two expands on this last chapter, looking at US (and
supposedly international) statutes. Chapter eight examines US law
regarding the admissibility of evidence intercepted from
communications or recovered from seized computers. Changes to the US
National Information Infrastructure Protection Act, and an editorial
stating that cybercrime is bad, are given in chapter nine. The
preamble to, and some questions about, a draft of the Council of
Europe Convention on Cybercrime, are reproduced in chapter ten.
Chapter eleven contains random comments on privacy. US Presidential
Decision Directive 63, calling for a plan for protection of
information infrastructure, and a speech justifying the use of
Carnivore are reprinted in chapter twelve. Chapter thirteen
replicates an overview of US Public Law 106-229 on electronic
signatures (E-SIGN) as well as a number of other pieces relating to
electronic commerce. Legal considerations in providing the electronic
systems mandated by the US government paperwork reduction act are
discussed in chapter fourteen. Speeches and comments on the US
government's attitude towards encryption are given in chapter fifteen.
Chapter sixteen looks at various pieces of US legislation related to

Section three concerns tools for forensic investigation. Chapter
seventeen discusses such tools in a very generic way, and then briefly
lists a number of specific programs. There is a two page list of FBI
office phone numbers in chapter eighteen, which is supposed to guide
you in reporting Internet-related crime. Chapter nineteen is a
simplistic four page list of questions to ask when conducting a

This is definitely not a field manual. It offers almost no practical
advice on collecting evidence from computers: if the material in this
book is helpful to you, you have too little knowledge of the
technology to have any business being engaged in computer forensics.
The most valuable part of the book involves the collection of
documents regarding US computer related legislation, but that would be
of interest only to American lawyers. It would be difficult to
recommend this work to anyone else. Even security personnel wanting a
background on US federal legislation might be advised to look
elsewhere, since the lack of structure and analysis in the book makes
it very hard to read.

copyright Robert M. Slade, 2002 BKCYBFOR.RVW 20020319
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade