Loading ...
Sorry, an error occurred while loading the content.

REVIEW: "High Technology Crime Investigator's Handbook", Gerald L. Kovacich/William C. Boni

Expand Messages
  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    BKHTCRIH.RVW 20021012 High Technology Crime Investigator s Handbook , Gerald L. Kovacich/William C. Boni, 2000, 0-75067806-X, U$34.95 %A Gerald L.
    Message 1 of 1 , Nov 13, 2002
      BKHTCRIH.RVW 20021012

      "High Technology Crime Investigator's Handbook", Gerald L.
      Kovacich/William C. Boni, 2000, 0-75067806-X, U$34.95
      %A Gerald L. Kovacich shockwavewriters.com
      %A William C. Boni
      %C 2000 Corporate Blvd. NW, Boca Raton, FL 33431
      %D 2000
      %G 0-75067806-X
      %I Butterworth-Heinemann/CRC Press/Digital Press
      %O U$34.95 800-272-7737 http://www.bh.com/bh/ dp-catalog@...
      %P 298 p.
      %T "High Technology Crime Investigator's Handbook: Working in the
      Global Information Environment"

      The preface makes the somewhat contradictory statement that the book
      is "not a `how to investigate high-technology crime' book but provides
      basic information for someone ... new to the profession." This odd
      assertion may be partially explained by the fact the text is very
      heavy on career and organizational matters, and extremely light on
      functions and technology. It would appear that any technical issues
      are seen as "how to," while corporate politics are basic information.

      Part one provides an introduction to the high technology crime
      environment, in broad overview. Chapter one is a pedestrian
      presentation of high technology. The text is very disjointed (a
      discussion of government departments using high-tech crime as a
      justification to fight for increased budgets is immediately followed
      by a minor example of online harassment), and, despite the promotion
      of the importance of technical information and tools for crime
      investigation, the technical material is weak, simplistic, and oddly
      handled. For example, a subjective and imprecise measure of data
      volume (a book) is used to calculate ridiculously "accurate" (in terms
      of significant figures) store sizes for a variety of obsolete systems.
      There is a superficial and pessimistic look, in chapter two, at the
      "Global Information Infrastructure." Again, the technical content is
      insubstantial: mention of lists of top level domains makes reference
      to using a search engine to find them, but the instructions consist of
      "well, you're an investigator, investigate." This seems to sum up the
      attitude to providing necessary information. High-technology
      miscreants, in chapter three, are reasonably well described, with only
      minor errors. There is an internal contradiction when the text lumps
      phone phreaks in with hackers, and then treats them as distinct, and
      the book retails the Cap'n Crunch myth, whereas Draper himself points
      out that he was taught about the 2600 hertz whistle. There is a
      slight overemphasis on the importance of "professional hackers."
      Chapter four's coverage of attack technology is jumpy and fragmented.
      An "ISP attack" makes little sense, while spoofing is narrowly defined
      to include only one specific type of session hijacking. Three pages
      of diagrams of PBX (Private Branch eXchange) attacks explain nothing.
      Protection technology, in chapter five, is defined as access control,
      accountability, and audit trails, followed by a random grab bag of
      security ideas.

      Part two is an overview of the high technology crime investigation
      profession or unit. This material is basically recycled from "The
      Information Systems Security Officer's Guide," by one Gerald L.
      Kovacich. There are a large number of very short chapters. Chapter
      six is a generic promotion for career planning, with added, but oddly
      irrelevant, details. Marketing yourself, in terms of preparation of
      resumes and for interviews, is in chapter seven. Chapter eight
      describes the perfect, and therefore fictional, company to work for.
      This is followed by the perfect job description in nine, the perfect
      investigative unit in ten (with some brief staff job descriptions in
      eleven), and the perfect mandate (plus an excessively detailed example
      of a PBX survey) in chapter twelve. Chapter thirteen suggests that
      you develop contacts, but, somewhat in opposition to the career
      building emphasis earlier, this concentrates on "sources" or
      informers. The development of metrics, in chapter fourteen, seems to
      be primarily concerned with the creation of bar charts to show
      management that you've been working. The "Final Thoughts," in chapter
      fifteen, are mostly vague opinions.

      Part three is entitled high technology crimes and investigations.
      Chapter sixteen has various stories, with almost no detail, about
      crimes and computers, few of which are relevant to corporate
      investigations. There is some useful advice, in chapter seventeen, on
      the initial seizure and chain of custody of computer equipment, but
      the discussion is limited to data recovery.

      Part four is supposed to be about challenges to high technology crime
      investigation, but chapter eighteen, the only section, simply contains
      more vague thoughts.

      For someone trying to build a career via political maneuvering, this
      book can provide some useful tips. For someone trying to investigate
      a crime involving computers, it might be a bit frustrating.

      copyright Robert M. Slade, 2002 BKHTCRIH.RVW 20021012
    Your message has been successfully submitted and would be delivered to recipients shortly.