
| Subject: | [CISSP-D] REVIEW: "Guide to Computer Forensics and Investigations", Bill Nelson et al |
|---|---|
| Date: | Fri, 16 Dec 2005 08:44:04 -0800 |
BKGTCFAI.RVW 20050801

"Guide to Computer Forensics and Investigations", Bill Nelson et al, 2004, 0-619-13120-9
%A Bill Nelson
%A Amelia Phillips
%A Frank Enfinger
%A Chris Steuart
%C 25 Thomson Place, Boston, MA 02210
%D 2004
%G 0-619-13120-9
%I Thomson Learning Inc.
%O www.course.com
%O http://www.amazon.com/exec/obidos/ASIN/0619131209/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0619131209/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/0619131209/robsladesin03-20
%O Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P 689 p. + CD-ROM
%T "Guide to Computer Forensics and Investigations"

The preface states that the book is intended for newcomers to computer forensics that have a basic background in computers and networking. There is mention of instructor material on the CD-ROM, but no other direction in regard to use as a course text.

Chapter one purports to provide an overview of the computer forensics profession. It jumps, seemingly without structure, from topic to topic, never providing solid information about much of anything. The progress and process of computer investigations is the topic of chapter two, but the material ranges between the uselessly vague (brief mentions of important concepts such as chain of evidence/custody, with no discussion of why they are vital) and the uselessly specific (six pages of instruction on how to make a Windows 98 system boot to DOS). The content also relies heavily upon the assumption that the reader will have a certain suite of commercial forensics tools from a particular company. (It also seems to feel that the reader will never need to examine systems other than DOS, Windows 98, FAT12, and floppy disks.)

DOS and Windows file systems (including NTFS) are reviewed in chapter four, although the level of detail provided is very inconsistent (eight pages of information on DOS batch files, and only four pages to describe the entire NTFS disk structure). Illustrations are less than helpful, particularly in regard to labelling, and the use of terminology in non-standard ways can lead to confusion. (In this book, "file slack" refers to what is otherwise simply known as unused or unallocated space.) Basically, the material is simplistic and unlikely to be needed by most people with an intermediate level of computer knowledge, while at the same time being incomplete, and probably not of any assistance to someone actually looking at disk sectors. The material on Macintosh and Linux systems, in chapter four, is similar.

Most of the material in chapter five, on a forensics lab and office, is generic advice on either computer requirements or forensics (but non-computer) labs. Chapter six lists an apparently random collection of forensics tools. Rules of evidence (American) and a brief description of one program for hash calculation are in chapter seven. Chapter eight talks about processing the crime scene: the text ranges from the vague (identifying the computer) to the bizarre (HAZMAT suits). Some of the aforementioned commercial programs used in data acquisition are outlined in chapter nine while the analytical tools are depicted in chapter ten. Chapter eleven, on email, does show how to read headers in more than one mail user agent program, and mentions the log files on a couple of mail servers. Some random notes on graphics files, and, as in the rest of the book, lots of verbiage for not much information, is in chapter twelve. The advice on preparing reports, in chapter thirteen, is banal and has little bearing on forensics. Chapter fourteen, on expert witness, does not deal with the requirements for establishing that status, nor the restrictions on opinion in some cases.

As far as computer forensics goes, the foundation provided in this work is far from solid. It mentions the basic topics, but fails to provide much in the way of resources for proceeding with the profession.
The material provided is excessively wordy, and the structure is often jumpy and unhelpful. Extensive sections have been added that will be of little use to anyone other than a computer novice, seemingly only in an attempt to pad the length of the book. I would have trouble recommending this text to any audience.

copyright Robert M. Slade, 2005 BKGTCFAI.RVW 20050801

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@sun.soci.niu.edu
There is nothing in this world constant but inconstancy. - Swift
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade