Loading ...
Sorry, an error occurred while loading the content.

REVIEW: "Computer and Intrusion Forensics", George Mohay et al

Expand Messages
  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    BKCMINFO.RVW 20030605 Computer and Intrusion Forensics , George Mohay et al, 2003, 1-58053-369-8, U$79.00 %A George Mohay %A Alison Anderson %A Byron
    Message 1 of 1 , Jul 15, 2003
      BKCMINFO.RVW 20030605

      "Computer and Intrusion Forensics", George Mohay et al, 2003,
      1-58053-369-8, U$79.00
      %A George Mohay
      %A Alison Anderson
      %A Byron Collie
      %A Olivier de Vel
      %A Rodney McKemmish
      %C 685 Canton St., Norwood, MA 02062
      %D 2003
      %G 1-58053-369-8
      %I Artech House/Horizon
      %O U$79.00 800-225-9977 fax: +1-617-769-6334 artech@...
      %O http://www.amazon.com/exec/obidos/ASIN/1580533698/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/1580533698/robsladesin03-20
      %P 395 p.
      %T "Computer and Intrusion Forensics"

      The traditional data recovery aspect of computer forensics has been
      covered by Kruse and Heiser in "Computer Forensics" (cf.
      BKCMPFRN.RVW), and by Caloyannides in "Computer Forensics and Privacy"
      (cf. BKCMFRPR.RVW) (and somewhat less ably by Casey [cf.
      BKCMCRIN.RVW], Kovavish and Boni [cf. BKHTCRIH.RVW], Icove, Seger, and
      VonStorch [cf. BKCMPCRM.RVW], Marcella and Greenfield [cf.
      BKCYBFOR.RVW], van Wyk and Forna [cf. BKINCRES.RVW], and Mandia and
      Procise [cf. BKINCDRS.RVW]).

      So far network forensics has only been specifically dealt with in the
      not-terribly-useful "Hacker's Challenge," by Schiffman (cf.

      "Computer and Intrusion Forensics" is the first attempt to bring both
      topics into a single book. (It is intriguing to note that Eugene
      Spafford, who wrote the foreword, is a pioneer of the "third leg":
      software forensics, which the book does not cover.)

      Chapter one is an introduction to computer and network (intrusion)
      forensics, pointing out the ways that computers can be involved in the
      commission of crimes and the requirements for obtaining and preserving
      evidence in such cases. While the material provides a good
      foundation, the text is inflated in many places, and could benefit
      from stricter adherence to the topic and more focused writing. (One
      illustration shows a pattern of concentric rings indicating that the
      set of productive activities encompasses all legal endeavors which, in
      turn, encompasses all approved actions. I suspect that a great many
      legal and even approved activities are unproductive--while no doubt a
      number of illegal activities would be approved, at times.) "Current
      Practice," in chapter two, is a broad overview of the concerns,
      technologies, applications, procedures, and legislation bearing on
      digital evidence recovery from computers. In fact, this single
      chapter is the equivalent of, and sometimes superior to, a number of
      the computer forensics books mentioned above. However, the breadth of
      the discussion does come at the expense of depth. This content is
      quite suitable for the information security, or even legal,
      professional who needs to understand the field of computer forensics,
      but it does not have the detail that a practitioner may require.
      Although chapter three is supposed to deal with computer forensics in
      law enforcement (and there is a brief section on the rules of
      evidence), it is primarily a reiteration (and some expansion) of the
      procedures for data recovery and the software tools available for this
      task. Forensic accounting, and the algorithms that can be used to
      detect fraud, are outlined in chapter four, but very little is
      directly relevant to computer forensics as such. Case studies,
      demonstrating the techniques discussed earlier and some that are not,
      are described in chapter five. Intrusion forensics concentrates on
      intrusion detection systems (IDS), although it does not provide a very
      clear or complete explanation of the distinctions in data collection
      (host- or network-based) or analysis engines (rule, signature,
      anomaly, or statistical). Chapter seven finishes off the book with a
      list of computer forensic research which is being, or should be,

      While the computer forensic content is sound, and it is heartening to
      see other fields being included, the very limited work on network
      forensics is disappointing. This text is a useful reference for those
      needing background material on forensic technologies, but breaks no
      new ground.

      copyright Robert M. Slade, 2003 BKCMINFO.RVW 20030605

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      People demand freedom of speech as a compensation for the freedom
      of thought which they seldom use. - Soren Kierkegaard
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
    Your message has been successfully submitted and would be delivered to recipients shortly.