Publisher: Addison-Wesley, 2002, 398 pages
ISBN: 0-201-70719-5
Keywords: IT Security
Every computer crime leaves tracks—you just have to know where to find them. This book shows you how to collect and analyze the digital evidence left behind in a digital crime scene.
Computers have always been susceptible to unwanted intrusions, but as the sophistication of computer technology increases so does the need to anticipate, and safeguard against, a corresponding rise in computer-related criminal activity.
Computer forensics, the newest branch of computer security, focuses on the aftermath of a computer security incident. The goal of computer forensics is to conduct a structured investigation to determine exactly what happened, who was responsible, and to perform the investigation in such a way that the results are useful in a criminal proceeding.
Written by two experts in digital investigation, Computer Forensics provides extensive information on how to handle the computer as evidence. Kruse and Heiser walk the reader through the complete forensics process — from the initial collection of evidence through the final report. Topics include an overview of the forensic relevance of encryption, the examination of digital evidence for clues, and the most effective way to present your evidence and conclusions in court. Unique forensic issues associated with both the Unix and the Windows NT/2000 operating systems are thoroughly covered.
This book provides a detailed methodology for collecting, preserving, and effectively using evidence by addressing the three A's of computer forensics:
Computer Forensics is written for everyone who is responsible for investigating digital criminal incidents or who may be interested in the techniques that such investigators use. It is equally helpful to those investigating hacked web servers, and those who are investigating the source of illegal pornography.
A classic that you need to read, if for nothing else to understand why Windows programmers shouldn't be allowed near a computer.
The book (especially the Unix/Linux part) is riddled with errors, half-truths and down-right lies. My recommendation would be to avoid it, unless you need to know how not to do forensics.
Considering that the authors claims to be experts and frequently testifying in court with methods based on this this book make me fear the American court system. Frankly, any half-way competent programming idiot could challenge their flawed methods.
Comments
There are currently no comments
New Comment