Guide to Computer Forensics and Investigations (Paperback)

by Amelia Phillips (Author), Bill Nelson (Author), Frank Enfinger (Author), Christopher Steuart (Author)

Editorial Reviews

Review
In summary, this book provides an excellent overview of computer forensics. I highly recommend it to professionals, teachers, and students. -- Gary C. Kessler, Associate Professor, Program Director, Champlain College, Forensic Science Communications, Jan 2004

Product Description
Presents methods to properly conduct a computer forensics investigation and maps to the objectives of the IACIS certification.

See all Editorial Reviews

Product Details

• Paperback: 720 pages
• Publisher: Course Technology; 1 edition (September 3, 2003)
• Language: English
• ISBN-10: 0619131209
• ISBN-13: 978-0619131203
• Product Dimensions: 8.9 x 7.3 x 1.6 inches
• Shipping Weight: 2.6 pounds
• Average Customer Review: 1.7 out of 5 stars See all reviews (6 customer reviews)
• Amazon.com Sales Rank: #938,296 in Books (See Bestsellers in Books)

  Popular in this category: (What's this?)

  #65 in

  Books > Computers & Internet > Security & Encryption > Forensics

Customer Reviews

Most Helpful Customer Reviews

28 of 30 people found the following review helpful:

2.0 out of 5 stars Grain of salt, February 13, 2004

By	gail thackeray (Phoenix, AZ United States) - See all my reviews

Smoke started coming out of my ears by page 2. The legal info on that page is flat WRONG! - here's a sample: "Until recently, legal professionals could not use digital evidence in court because it was not considered tangible evidence" - where they got that from, I don't know..... we've been using digital evidence in court for 1/2 a century now, and there's a 1960's bank case on mainframe evidence that's still the guideline for laying a foundation for admission of computer evidence.

p. 11: "Until 1993, the laws defining computer crimes did not exist. To this day, many have yet to be tested in court." HUH????? The fed.s proposed the first one in 1977, Florida and Arizona passed the first two computer crime statutes in 1978, and the feds finally got theirs through (18 USC 1029 & 1030) in 1986.

In another place, they talk about commmercial forensics software only being available recently, which ignores the decades of work done by experts using Norton's DiskEdit (still in use today). They barely mention Dan Mares, who wrote some of the first forensics tools, and is still doing so.

They don't really explain what their relationship is with a particular vendor whose software and hardware products are covered in detail.... and their description of the IACIS certification process is out of date. IACIS (an organization to which I belong and from which I received my computer forensics certification) has not endorsed this book.

11 of 11 people found the following review helpful:

1.0 out of 5 stars Too many problems, August 24, 2004

By	Joey "Joey" (Oregon) - See all my reviews

I found way too many problems with this text. I perform computer forensics investigations for a living, and would not recommend this book. There is too much focus on the DriveSpy program, and much of the information is repeated from chapter to chapter. This is an example of the reviewers not actually taking a look at the book. Your best bet is to purchase the book by Warren Kruse.

14 of 16 people found the following review helpful:

2.0 out of 5 stars Too much incorrect information, March 13, 2004

By	"warren_kruse" (San Diego CA) - See all my reviews

Too much technical information is incorrect. This book never made it past the editing process, and the exercises were never checked.

The information regarding digital signatures is incorrect. Much of the information regarding partitions is incorrect. The information in regards to boot structures and MACS is scant, and what is there has been copied from existing web pages. Only enough information on NT and the MFT to confuse and confound.

The exercises are hard to follow, and even suggest using a different operating system if they do not work. The examiner cannot switch the operating system on the drive being examined - this is ridiculous.

The book is written with the primary audience of law enforcement. If a law enforcement officer were to have this book as their only education in computer forensics, their testimony would never stand up. I truly doubt that the material covered is sufficient to allow one to pass the IACIS certification.

A competent forensic examiner would not use this book other than as a reference for using DriveSpy.