Techno Security's Guide to E-Discovery and Digital Forensics: A Comprehensive Handbook Review

Average Reviews:

(More customer reviews)This book should have been only 50 pages, not 430 pages. The information in it would have been presented better that way. There is way too much fluff and needless rambling, with very little useful information from page to page.
Readers who have worked on any structured project within a business will find at least half of the book to be uninformative. About 60% of the information has to do with managing projects and quality assurance, not necessarily specific to e-discovery or forensics. Even if that interests you, this would make for a very poorly written project management book. Even the technical information presented is all superficial. If you have worked with computers much or currently work in an IT department, you will find little useful information in the book.
Despite the list of impressive authors on the cover, it feels as if the whole book was written by one person over a couple of weekends. Not much research was put into the book, except to list organizations and outside sources that do have the information you want.
It was surprising to me to find out that one appendix (about 50 pages of the book) was a short story. Another appendix explains tips on how to succeed in the courtroom, including how you need to wear deodorant and wash your hair. Yes, it was all about etiquette and grooming.
The best thing about this book is that it tells you where to find more information. If you want to know about accreditation for forensics labs and certifications for practitioners, this book is a great place to start. I wrote down a dozen or more URLs to look up online, while I was reading the book. It also talks about some of the available commercial software vendors in e-discovery. Still, I would have rather read a small pamphlet with a list of websites and short reviews of the software products than have to wade through the book.

Click Here to see more reviews about: Techno Security's Guide to E-Discovery and Digital Forensics: A Comprehensive Handbook

This book provides IT security professionals with the information (hardware, software, and procedural requirements) needed to create, manage and sustain a digital forensics lab and investigative team that can accurately and effectively analyze forensic data and recover digital evidence, while preserving the integrity of the electronic evidence for discovery and trial.IDC estimates that the U.S. market for computer forensics will be grow from $252 million in 2004 to $630 million by 2009. Business is strong outside the United States, as well. By 2011, the estimated international market will be $1.8 billion dollars. The Techno Forensics Conference, to which this book is linked, has increased in size by almost 50% in its second year; another example of the rapid growth in the digital forensics world.The TechnoSecurity Guide to Digital Forensics and E-Discovery features:* Internationally known experts in computer forensics share their years of experience at the forefront of digital forensics* Bonus chapters on how to build your own Forensics Lab* 50% discount to the upcoming Techno Forensics conference for everyonewho purchases a book

Click here for more information about Techno Security's Guide to E-Discovery and Digital Forensics: A Comprehensive Handbook

Read More...

UNIX and Linux Forensic Analysis DVD Toolkit Review

Average Reviews:

(More customer reviews)The title may mislead readers to believe that this book discusses actual forensics of Unix and Linux systems. It does not. The authors waste precious pages in this short book discussing their favorite cool Linux apps like Nessus and Metasploit but don't have any meaningful discussion about the various flavors of Unix: AIX, Solaris, *BSD, etc. Their "Unix and Linux" forensic book is almost entirely about Linux. There is no thoughtful discussion about filesystem forensics; no technical detail helpful to Forensic Examiners.
The few moments where the authors approach a meaningful forensic topic, the reader is redirected to an online resource rather than provided an analysis or explanation within the book.
The book title may lead readers to believe that an accompanying DVD contains a Unix forensic toolkit of some kind. In fact, there is only 1.8 MB of documents and no tools save for a few (4) short Bash scripts that hardly cover a thorough forensics examination: live or otherwise. One of the scripts is only one line. One of these documents is an incomplete 3.5 page summary of Sleuthkit tools. By "incomplete" I mean that it is apparent that the author decided to quit writing. Apparently there was no room in this 236 page, 14-gauge font book to cover in any detail the different Unix filesystems, data acquisition, data carving or static filesystem analysis. But the authors make plenty of room to discuss scanning with Unix tools (nmap, nessus, etc.).
There is a section entitled "Malware" except that no malware sample is actually examined. The reader is briefly introduced to Panda's AV scanner and is walked through how to use ClamAV as if that is the only AV scanner available for either a Unix user or Forensic Examiner. Forensic Examiners should pay very close attention to AntiVirus product comparative reviews.
The book cover boasts that this is the "only digital forensic analysis book for *nix". Indeed there may be little in the way of books solely dedicated to Unix forensics but other books cover Unix forensics with greater detail than this one. For example, Brian Carrier's "Filesystem Forensic Analysis" or Jones, Bejtlich and Rose's "Real Digital Forensics".
The book cover also boasts that readers can "Hit the ground running" with the information within. Unfortunately, if readers expect the content to help them bridge a gap between Windows and Unix, they will hit the ground with a resounding thud. If any Forensics Examiner finds value in the content of this book for actual Unix forensic investigations, I would question that examiner's experience and training.
If the authors wanted to write a book about cool Linux tools or network scanning, they should have entitled the book differently. Perhaps "A Beginner's Guide to Using Linux and Linux Security Applications".
I felt the title was misleading and false advertising. The authors take advantage of the word "Forensics" to sell a book that is not about forensics. For $53.95 I expected much more and was extremely disappointed and disgusted at the inferiority of the content.

Click Here to see more reviews about: UNIX and Linux Forensic Analysis DVD Toolkit

This book addresses topics in the area of forensic analysis of systems running on variants of the UNIX operating system, which is the choice of hackers for their attack platforms. According to a 2007 IDC report, UNIX servers account for the second-largest segment of spending (behind Windows) in the worldwide server market with $4.2 billion in 2Q07, representing 31.7% of corporate server spending. UNIX systems have not been analyzed to any significant depth largely due to a lack of understanding on the part of the investigator, an understanding and knowledge base that has been achieved by the attacker. The companion DVD provides a simulated or "live" UNIX environment where readers can test the skills they've learned in the book and use custom tools developed by the authors.The book begins with a chapter to describe why and how the book was written, and for whom, and then immediately begins addressing the issues of live response (volatile) data collection and analysis.The book continues by addressing issues of collecting and analyzing the contents of physical memory (i.e., RAM).The following chapters address /proc analysis, revealing the wealth of significant evidence, and analysis of files created by or on UNIX systems.Then the book addresses the underground world of UNIX hacking and reveals methods and techniques used by hackers, malware coders, and anti-forensic developers.The book then illustrates to the investigator how to analyze these files and extract the information they need to perform a comprehensive forensic analysis.The final chapter includes a detailed discussion of Loadable Kernel Modules and Malware. The companion DVD provides a simulated or "live" UNIX environment where readers can test the skills they've learned in the book and use custom tools developed by the authors.Throughout the book the author provides a wealth of unique information, providing tools, techniques and information that won't be found anywhere else.Not only are the tools provided, but the author also provides sample files so that after completing a detailed walk-through, the reader can immediately practice the new-found skills.* The companion DVD for the book contains significant, unique materials (movies, spreadsheet, code, etc.) not available any place else.* This book contains information about UNIX forensic analysis that is not available anywhere else. Much of the information is a result of the author's own unique research and work.* The authors have the combined experience of Law Enforcement, Military, and Corporate forensics. This unique perspective makes this book attractive to ALL forensic investigators.

Click here for more information about UNIX and Linux Forensic Analysis DVD Toolkit

Read More...

Windows Forensics: The Field Guide for Corporate Computer Investigations Review

Average Reviews:

(More customer reviews)I decided to read and review three digital forensics books in order to gauge their strengths and weaknesses: "File System Forensic Analysis" (FSFA) by Brian Carrier, "Windows Forensics" (WF) by Chad Steel, and "EnCase Computer Forensics" (ECF) by Steve Bunting and William Wei. All three books contain the word "forensics" in the title, but they are very different. If you want authoritative and deeply technical guidance on understanding file systems, read FSFA. If you want to focus on understanding Windows from an investigator's standpoint, read WA. If you want to know more about EnCase (and are willing to tolerate or ignore information about forensics itself), read ECF.
In the spirit of full disclosure I should mention I am co-author of a forensics book ("Real Digital Forensics") and Brian Carrier cites my book "The Tao of Network Security Monitoring" on p 10. I tried to not let those facts sway my reviews.
WF is a great guide to forensic investigation of Windows. By this I mean WF presents Windows from the perspective of the important directories, files, and registry entries that help an analyst discover malfeasance. WF also covers some of the core applications one would expect to review during host-based forensics, like email, Web browsing history, and P2P application usage. I expected coverage of popular Windows application formats relevant to investigations, like .doc, .ppt, and .xls, but those were missing.
WF addresses the core operational aspects of host-centric forensics, like forming a team and acquiring evidence from live and dead targets. I did not think these sections were as good as material from what I consider the book best suited for all-around hands-on forensic use -- "Incident Response: Computer Forensics, 2nd Ed" by Mandia, Prosise, and Pepe. Live response is one area where I thought WF didn't shine too brightly. I did like the frequent mini-case studies which shared stories from the author's investigative experiences.
A few other aspects of WF resulted in me offering a four star review. I thought the discussion of "vampire taps" on p 157 revealed a real lack of contact with modern network monitoring methods. I don't know anyone who uses or recommends such a contraption in an era of network taps. I continue to question the need to build so-called "sniffing cables," especially when proper interface configuration serves the same purpose. Furthermore, a remotely managed sensor will not be able to hide its traffic on the network anyway, so savvy intruders can usually find them (unless a completely separate management network is run out-of-band). "Chapter 7" was also way too short -- 2 pages!
Although I liked the case studies, I thought there were far too many "gray box" entries. These contain useful hints, but their frequent appearance sometimes interrupted flow of the book. This indicates a need for better organization. Finally, I felt the recent Syngress book "Winternals" did a decent job explaining how to analyze malware, rootkits, and rogue processes on Windows. WF didn't explore this key aspect of Windows incident response.
Overall, however, I would recommend reading WF if you need to understand data sources from Windows systems. I suggest concentrating on the sections that explain where you'll find quality information on Windows, and rely on other sources for generic forensics guidance. I could see readers using WF as a primer for learning about key Windows artifacts, then searching for them in the image files in "Real Digital Forensics."

Click Here to see more reviews about: Windows Forensics: The Field Guide for Corporate Computer Investigations

The evidence is in--to solve Windows crime, you need Windows toolsAn arcane pursuit a decade ago, forensic science today is a household term. And while the computer forensic analyst may not lead as exciting a life as TV's CSIs do, he or she relies just as heavily on scientific principles and just as surely solves crime.Whether you are contemplating a career in this growing field or are already an analyst in a Unix/Linux environment, this book prepares you to combat computer crime in the Windows world. Here are the tools to help you recover sabotaged files, track down the source of threatening e-mails, investigate industrial espionage, and expose computer criminals.* Identify evidence of fraud, electronic theft, and employee Internet abuse* Investigate crime related to instant messaging, Lotus Notes(r), and increasingly popular browsers such as Firefox(r)* Learn what it takes to become a computer forensics analyst* Take advantage of sample forms and layouts as well as case studies* Protect the integrity of evidence* Compile a forensic response toolkit* Assess and analyze damage from computer crime and process the crime scene* Develop a structure for effectively conducting investigations* Discover how to locate evidence in the Windows Registry

Click here for more information about Windows Forensics: The Field Guide for Corporate Computer Investigations

Read More...

Guide to Computer Forensics and Investigations Review

Average Reviews:

(More customer reviews)I use the book in class. It is an excellent book. In particular I liked its explanation of the Master File Table in Windows NTFS. It is the first explanation that I actually understood.


Click Here to see more reviews about: Guide to Computer Forensics and Investigations

Master the skills necessary to launch and complete a successful computer investigation with the updated fourth edition of this popular book, GUIDE TO COMPUTER FORENSICS AND INVESTIGATIONS. This resource guides readers through conducting a high-tech investigation, from acquiring digital evidence to reporting its findings. Updated coverage includes new software and technologies as well as up-to-date reference sections, and content includes how to set up a forensics lab, how to acquire the proper and necessary tools, and how to conduct the investigation and subsequent digital analysis. It is appropriate for students new to the field, or as a refresher and technology update for professionals in law enforcement, investigations, or computer security. The book features free downloads of the latest forensic software, so readers can become familiar with the tools of the trade.

Click here for more information about Guide to Computer Forensics and Investigations

Read More...