REVIEW: "CD and DVD Forensics", Paul Crowley
- BKCDDVDF.RVW 20070116
"CD and DVD Forensics", Paul Crowley, 2007, 1-59749-128-4,
%A Paul Crowley sales@...
%C 800 Hingham Street, Rockland, MA 02370
%E Dave Kleiman
%G 1-59749-128-4 978-1-59749-128-0
%I Syngress Media, Inc.
%O U$49.95/C$64.95 781-681-5151 fax: 781-681-3585 www.syngress.com
%O Audience i- Tech 2 Writing 1 (see revfaq.htm for explanation)
%P 292 p.
%T "CD and DVD Forensics"
Chapter one outlines the physical (and some logical) structure of the
various CD (Compact Disk) and DVD (Digital Versatile Disk) formats.
The material is often interesting, but I wonder how helpful it would
be, for forensic examiners, in many cases. For example, there is
discussion of dyes and the coloured cast that they give to different
types of disks, but many of those distinctives seem to depend upon a
number of factors, and there is a wide range of possibilities. In
addition, some of the descriptions of a more technical nature are
terse, and not well explained. Most of chapter two relates to the
different CD disk formats, with varying levels of detail, but mostly
just brief summaries. There are also odd inclusions of miscellaneous
(and only tenuously associated) material. Chapter three suggests that
taking a forensic binary image of a CD is easy, but sometimes
impossible. (And that you should do a hash digest for verification,
but sometimes they won't match.) Collecting disks for evidence is
mentioned in chapter four, which has similarly contradictory advice in
places. Preparation for examination, in chapter five, covers a number
of diverse issues such as cleaning of disks and types of drives to
use. (It is not mentioned, at this point, that Appendix A has
instructions on modifying a drive for use in forensic examination.)
More than a third of the book (chapters six, seven, and eight)
contains documentation for the author's CD forensic software.
Chapter nine lists a few things you should put in a forensic report.
Less than a page of items (that have been said elsewhere in the book)
are in chapter ten.
There is an extensive glossary in the book, although many items do not
relate to CDs or DVDs. Many of those that do relate are poorly
explained, which severely limits the helpfulness of this section.
This book is not very useful for forensics, with insufficient detail
on most topics. It suggests areas to be concerned about, but the
potential examiner would have to go elsewhere to get the information
needed to do a good job. However, this is an esoteric area of study,
and few other sources are available, so it may be helpful as an
initial starting point.
copyright Robert M. Slade, 2007 BKCDDVDF.RVW 20070116
====================== (quote inserted randomly by Pegasus Mailer)
rslade@... slade@... rslade@...
He wrapped himself in quotations--as a beggar would enfold
himself in the purple of Emperors. - Rudyard Kipling
Dictionary of Information Security www.syngress.com/catalog/?pid=4150