REVIEW: "Challenges to Digital Forensic Evidence", Fred Cohen
- BKCHTDFE.RVW 20080318
"Challenges to Digital Forensic Evidence", Fred Cohen, 2008,
%A Fred Cohen
%C 572 Leona Dr, Livermore, CA 94550
%I Fred Cohen and Associates
%O U$39.00 925-454-0171 all.net
%O Audience s+ Tech 2 Writing 2 (see revfaq.htm for explanation)
%P 122 p.
%T "Challenges to Digital Forensic Evidence"
Fred Cohen knows his stuff when it comes to digital forensics, despite
the fun he has with legalities in the frontmatter of this book. Cohen
states, in chapter one, he wrote the book because of the mistakes he
had seen people make when bringing technical materials into a legal
setting. The work is a sold background for a forensic examiner, and
covers a number of areas that are missed in most of the current
literature on this topic. Forensics is more than simply getting bits
out of a given operating filesystem.
Chapter two concentrates on the errors or problems that arise in the
process of collecting evidence. Many computer forensics books list
the sections that should be included in a written report, but this
author provides, in chapter three, practical advice on both wording
and approaches, including such aspects as the reporting of errors in
previously submitted reports. Chapter four demonstrates difficult
situations, some covered in prior chapters and some new, based on
Chapter five reiterates and emphasizes a point that Cohen raises
frequently throughout the book: as an expert, you are working within,
and subject to, an adversarial system and all its attendant
limitations, but your primary responsibility is to the truth. Being
honest in your work and statements is the basis for all of your
testimony. As chapter six points out, it is also the best way to
avoid being challenged.
There are many books that talk about forensic tools: this isn't one of
them. There are a number of works that address specifics of file
systems and storage devices: this isn't one of them. A few texts even
address some aspects of the investigative process and management:
Cohen addresses some of those issues. However, I have not seen any
other guides that will tell you, clearly and plainly, how to avoid the
most common failings of technical experts trying to provide evidence
in a decidedly non-technical legal system.
copyright Robert M. Slade, 2008 BKCHTDFE.RVW 20080318
====================== (quote inserted randomly by Pegasus Mailer)
rslade@... slade@... rslade@...
`What was it you really put in the sugar?'
`Cascara,' said Malicia.
Keith sighed. `How much did you give them?'
`Lots. But they should be all right if they don't take too much
of the antidote.'
`What did you give them for the antidote?'
`Malicia, you are not a nice person.'
- `The Amazing Maurice and His Educated Rodents,' Terry Pratchett