Loading ...
Sorry, an error occurred while loading the content.

REVIEW: "Cyber Forensics", Albert J. Marcella/Robert S. Greenfield

Expand Messages
  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    BKCYBFOR.RVW 20020319 Cyber Forensics , Albert J. Marcella/Robert S. Greenfield, 2002, 0-8493-0955-7, U$49.95 %E Albert J. Marcella %E Robert S.
    Message 1 of 1 , May 20, 2002
      BKCYBFOR.RVW 20020319

      "Cyber Forensics", Albert J. Marcella/Robert S. Greenfield, 2002,
      0-8493-0955-7, U$49.95
      %E Albert J. Marcella
      %E Robert S. Greenfield
      %C 823 Debra St, Livermore, CA 94550
      %D 2002
      %G 0-8493-0955-7
      %I Auerbach Publications
      %O U$49.95 +1-800-950-1216 auerbach@... orders@...
      %P 443 p.
      %T "Cyber Forensics: A Field Manual for Collecting, Examining, and
      Preserving Evidence of Computer Crimes"

      The introduction to this book emphasizes the fact that this is a field
      manual, designed for quick reference, and not a textbook for study.
      Unfortunately, the authors seem to have taken this as licence to throw
      in all manner of random text and documents, without much structure or
      thought for the user.

      Section one outlines the various aspects of cyber forensics, according
      to the book's definition. Chapter one is entitled "The Goal of the
      Forensic Investigation," but the actual contents offer both more and
      less than that. The chapter starts with a few possible specific
      investigations, and provides directions on initial questions to ask.
      When the material moves to more general discussion of investigations,
      it becomes vague, and loses utility. Non-liturgical investigation
      (one that is not expected to end up in court) is examined in chapter
      three, even though the text admits that the procedure should be the
      same whether you expect to end in court or not: just collect
      everything you can. The content is limited to Windows, and
      specifically to the use of Internet Explorer. Much the same, with a
      little additional material on the Registry and event log, is done with
      liturgical investigations in chapter three. A repetition of the same
      information about Internet Explorer cache and cookies is found in
      chapter four. Chapter five describes nmap, and its author, in some
      detail, and then lists a number of other UNIX utilities. The broadest
      possible interpretation of intrusion investigation is discussed in
      chapter six, and, again, the advice boils down to the importance of
      careful collection of all possible information. Chapter seven
      outlines rules of and considerations for evidence in US courts of

      Section two expands on this last chapter, looking at US (and
      supposedly international) statutes. Chapter eight examines US law
      regarding the admissability of evidence intercepted from
      communications or recovered from seized computers. Changes to the US
      National Information Infrastructure Protection Act, and an editorial
      stating that cybercrime is bad, are given in chapter nine. The
      preamble to, and some questions about, a draft of the Council of
      Europe Convention on Cybercrime, are reproduced in chapter ten.
      Chapter eleven contains random comments on privacy. US Presidential
      Decision Directive 63, calling for a plan for protection of
      information infrastructure, and a speech justifying the use of
      Carnivore are reprinted in chapter twelve. Chapter thirteen
      replicates an overview of US Public Law 106-229 on electronic
      signatures (E-SIGN) as well as a number of other pieces relating to
      electronic commerce. Legal considerations in providing the electronic
      systems mandated by the US government paperwork reduction act are
      discussed in chapter fourteen. Speeches and comments on the US
      government's attitude towards encryption ore given in chapter fifteen.
      Chapter sixteen looks at various pieces of US legislation related to

      Section three concerns tools for forensic investigation. Chapter
      seventeen discusses such tools in a very generic way, and then briefly
      lists a number of specific programs. There is a two page list of FBI
      office phone numbers in chapter eighteen, which is supposed to guide
      you in reporting Internet-related crime. Chapter nineteen is a
      simplistic four page list of questions to ask when conducting a
      computer audit.

      This is definitely not a field manual. It offers almost no practical
      advice on collecting evidence from computers: if the material in this
      book is helpful to you, you have too little knowledge of the
      technology to have any business being engaged in computer forensics.
      The most valuable part of the book involves the collection of
      documents regarding US computer related legislation, but that would be
      of interest only to American lawyers. It would be difficult to
      recommend this work to anyone else. Even security personnel wanting a
      background on US federal legislation might be advised to look
      elsewhere, since the lack of structure and analysis in the book makes
      it very hard to read.

      copyright Robert M. Slade, 2002 BKCYBFOR.RVW 20020319

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... rslade@... slade@... p1@...
      Acknowledge and take to heart this day that the Lord is God in
      heaven above and on the earth below. There is no other. Deut. 4:39
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
    Your message has been successfully submitted and would be delivered to recipients shortly.