REVIEW: "Scene of the Cybercrime: Computer Forensics Handbook", Debra Littlejohn Shinder
- BKSOCCFH.RVW 20060809
"Scene of the Cybercrime: Computer Forensics Handbook", Debra
Littlejohn Shinder, 2002, 1-931836-65-5, U$59.95/C$92.95
%A Debra Littlejohn Shinder debshinder@...
%C 800 Hingham Street, Rockland, MA 02370
%E Ed Tittel
%I Syngress Media, Inc.
%O U$59.95/C$92.95 781-681-5151 fax: 781-681-3585 amy@...
%O Audience n+ Tech 2 Writing 3 (see revfaq.htm for explanation)
%P 718 p.
%T "Scene of the Cybercrime: Computer Forensics Handbook"
There are some good forensics books out there, but there are also a
number of forensics titles that are nothing more than pamphlets
suggesting that the reader get a copy of EnCase and fool around. Then
there is this work. I'm not sure how I got a review book that is four
years old, an eternity in the technical realm, and particularly in
security. Astoundingly, Shinder produced a work that cut to the heart
of the necessary concepts, without piling on technical trivia that
would rapidly go out of date. This volume is as relevant and valuable
today as it was when it came out.
The foreword notes that the author, herself from both a law
enforcement and a technical background, found that most technical
security people know little about law and legal procedures, and that
law enforcement personnel know next to nothing about computer
internals. She set herself to provide geek info to the cops and cop
smarts to the geeks, and to compile a reference to other resources.
She has produced an admirably valuable text.
Chapter one starts out with a bit of a slip, stating that cybercrime
is a subcategory of computer crime, but then explains it in such a way
as to be basically identical. However, Shinder goes on to provide an
excellent review of the problems in defining and categorizing
cybercrime, jurisdictional issues, and the difficulties in building a
team and infrastructure to fight cybercrime. A concise history of
computer crime events and issues, and a review of common dangers,
make up chapter two. (The material on high-speed Internet is
somewhat dated, but the rest is excellent.) In other hands, chapter
three's examination of the people involved in cybercrime would be a
rehash of old "hacker" stereotypes. Instead, Shinder gives us
criminal psychology, profiling (and counterexamples to the
stereotypes), victimology, and the characteristics of a good
Chapter four looks into computer hardware basics. Techies will think
it simplistic, but the content is pitched just right for computer
neophytes who need the fundamental concepts and enough detail to step
up to further studies. Some may think that the coverage of
networking, in chapter five, spends too much time on analogue
signalling and old LAN protocols, but you have to remember that
digital forensic investigators are not called upon to use standard
environments, but to assess the material found in arbitrary ones. The
presentation of network intrusions and attacks, in chapter six, has
clear representation of the concepts, without deluging the reader with
quickly dateable minutiae.
Chapter seven, turning to cybercrime prevention, presents general
information security concepts, with a concentration on networks and
cryptography. (As with many, Shinder seems to be fascinated with
steganography out of all proportion to its importance.) Implementing
system security, in chapter eight, is similar, but with greater
emphasis on specific settings. (Although this is very helpful,
particularly to the home user, it has limited application to
forensics.) Chapter nine looks at cybercrime detection techniques,
primarily audit information in its various forms. The collection and
preservation of digital evidence is an important and difficult task.
Chapter ten does not go into the same level of detail as Michael A.
Caloyannides' "Computer Forensics and Privacy" (cf. BKCMFRPR.RVW),
"Computer and Intrusion Forensics" by Mohay et al (cf. BKCMINFO.RVW),
Kruse and Heiser's classic "Computer Forensics" (cf. BKCMPFRN.RVW),
the somewhat challenging "Forensic Discovery" by Farmer and Venema
(cf. BKFORDIS.RVW), and Brian Carrier's resourceful "File System
Forensic Analysis" (cf. BKFSFRAN.RVW), but presents a broad overview,
and has good advice on evidence management and a useful list of
resources. Legal systems, types of laws, jurisdictional issues, and
the preparation of a case are covered in chapter eleven, which extends
"A Guide to Forensic Testimony" by Smith and Bace (cf. BKGDFOTS.RVW).
For anyone just becoming involved in digital forensics, the book is an
excellent introduction and overview of the field in its proper
context. For those already involved, this manual is both a solid
reminder of what needs to be taught to those becoming involved in
computer forensics, and also a resource for a number of areas that the
individual specialist may not cover every day. Despite the age of the
work, in this fast-changing environment, Shinder has produced a text
of classic depth and lasting value. (Hopefully Syngress will get her
to produce updates on a regular basis.)
copyright Robert M. Slade, 2006 BKSOCCFH.RVW 20060809