Loading ...
Sorry, an error occurred while loading the content.

REVIEW: "Real Digital Forensics", Keith J. Jones/Richard Bejtlich/Curtis W. Rose

Expand Messages
  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    BKRLDGFR.RVW 20051127 Real Digital Forensics , Keith J. Jones/Richard Bejtlich/Curtis W. Rose, 2006, 0-321-24069-3, U$49.99/C$69.99 %A Keith J. Jones %A
    Message 1 of 1 , Feb 17, 2006
      BKRLDGFR.RVW 20051127

      "Real Digital Forensics", Keith J. Jones/Richard Bejtlich/Curtis W.
      Rose, 2006, 0-321-24069-3, U$49.99/C$69.99
      %A Keith J. Jones
      %A Richard Bejtlich taosecurity.com taosecurity.blogspot.com
      %A Curtis W. Rose www.red-cliff.com
      %C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
      %D 2006
      %G 0-321-24069-3
      %I Addison-Wesley Publishing Co.
      %O U$49.99/C$69.99 fax: 416-443-0948 800-822-6339 bkexpress@...
      %O http://www.amazon.com/exec/obidos/ASIN/0321240693/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/0321240693/robsladesin03-20
      %O Audience a+ Tech 1 Writing 1 (see revfaq.htm for explanation)
      %P 650 p. + DVD
      %T "Real Digital Forensics: Computer Security and Incident Response"

      Some forensics books provide a CD-ROM with (usually demo) versions of
      computer forensic software. This one provides a DVD of log and other
      forensic data, and points the reader to sites for open source tools
      that can be used to explore it. Six "case studies," of fictitious
      situations, have been provided, and are referred to at different times
      and places within the book.

      Part one ostensibly looks at response to an incident in real time.
      Chapter one outlines tools that can be used for data capture and
      analysis of various types on a Windows computer (associated with the
      first "case"). There is rather limited explanation of the choices and
      decisions involved (the authors make frequent mention that topics are
      "beyond the scope" of this book and that the reader should go and get
      their other works), and it is not always easy to follow the structure
      that the authors may have intended, but the material should be
      reasonable enough for the dedicated reader to work through. A
      duplicate situation, with a UNIX system, is presented in chapter two.

      Part two concentrates on network-based forensics, although a number of
      activities in the first division related to the network as well.
      Chapter three, almost irritatingly simplistic after the "jump in and
      swim" approach in the first two, lists some tools for collecting
      network data and evidence. Analysis of the data is outlined in
      chapter four (for Windows) and five (for UNIX). Again, the resulting
      listings can make for annoying reading: the authors will frequently
      note that a page or two of densely packed and impenetrable figures
      demonstrate a certain conclusion, but they do not always say why.

      Part three examines forensic copying or duplication of systems.
      Chapter six covers some basic, and some oddball, points and
      suggestions. A few commercial (in chapter seven) and non-commercial
      (in chapter eight) data duplication tools are presented.

      Forensics analysis techniques get some discussion in part four.
      Chapter nine uses various tools to try and access disk images or
      deleted files. Tools for reconstructing Web browsing activity are
      listed in chapter ten, while email is scrutinized in chapter eleven.
      The Registry gets special attention in chapter twelve. Analysis of
      two Linux executable files is attempted in chapters thirteen (a known
      file) and fourteen (unknown). Chapter fifteen combines both in
      looking at Windows programs, but uses the Cygwin system to utilize
      UNIX-like tools.

      Part five purportedly discusses the creation of a complete forensic
      toolkit. However, chapter sixteen just lists a few tools, and
      seventeen suggests making your CD of utilities bootable via the
      Knoppix distribution.

      Part six reviews mobile device forensics. Chapter eighteen notes some
      tools for accessing PDAs (Personal Digital Assistants). Mounting USB
      (Universal Serial Bus) devices on Linux is covered briefly in chapter
      nineteen, while analyzing the data, in chapter twenty, is pretty much
      the same as any other filesystem.

      Part seven looks at online-based forensics (rather begging the
      question of what the difference is between "online" and "network").
      Chapter twenty-one outlines the tracing of email that has been sent
      via Webmail services. Programs, mostly in Perl and SQL, for searching
      Verisign's database of top-level domain ownership, are "listed" in

      This work has a lot of useful information, but as an overall guide is
      woefully incomplete. I know that sounds like a contradiction, but it
      remains true. For those who want to get involved with digital
      forensics, there are useful pointers to tools, and some sets of data
      to play with, and these items are missing from most other forensics
      texts. For those who need to know how to actually approach an
      investigation of a computer or an intrusion into a system, there are
      huge gaps in the coverage this work provides.

      copyright Robert M. Slade, 2005 BKRLDGFR.RVW 20051127

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      Hear, O Israel: The Lord our God, the Lord is one. Love the
      Lord your God with all your heart and with all your soul and with
      all your strength. - Deuteronomy 6:4,5
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
    Your message has been successfully submitted and would be delivered to recipients shortly.