Guide to Computer Forensics and Investigations [Paperback]

Amelia Phillips (Author), Bill Nelson (Author), Frank Enfinger (Author), Christopher Steuart (Author)

Book Description

ISBN-10: 0619131209 | ISBN-13: 978-0619131203 | Publication Date: September 3, 2003 | Edition: 1

Guide to Computer Forensics and Investigation presents methods to properly conduct a computer forensics investigation beginning with a discussion of ethics, while mapping to the objectives of the International Association of Computer Investigative Specialists (IACIS) certification.

Editorial Reviews

Review

In summary, this book provides an excellent overview of computer forensics. I highly recommend it to professionals, teachers, and students. -- Gary C. Kessler, Associate Professor, Program Director, Champlain College, Forensic Science Communications, Jan 2004

From the Publisher

Guide to Computer Forensics and Investigation presents methods to properly conduct a computer forensics investigation beginning with a discussion of ethics, while mapping to the objectives of the International Association of Computer Investigative Specialists (IACIS) certification.

See all Editorial Reviews

Product Details

• Paperback: 690 pages
• Publisher: Course Technology; 1 edition (September 3, 2003)
• Language: English
• ISBN-10: 0619131209
• ISBN-13: 978-0619131203
• Product Dimensions: 8.9 x 7.3 x 1.6 inches
• Shipping Weight: 2.6 pounds
• Average Customer Review: 1.7 out of 5 stars  See all reviews (6 customer reviews)
• Amazon Best Sellers Rank: #429,342 in Books (See Top 100 in Books)

Customer Reviews

Most Helpful Customer Reviews

28 of 30 people found the following review helpful:

2.0 out of 5 stars Grain of salt, February 13, 2004

By 

gail thackeray (Phoenix, AZ United States) - See all my reviews

This review is from: Guide to Computer Forensics and Investigations (Paperback)

Smoke started coming out of my ears by page 2. The legal info on that page is flat WRONG! - here's a sample: "Until recently, legal professionals could not use digital evidence in court because it was not considered tangible evidence" - where they got that from, I don't know..... we've been using digital evidence in court for 1/2 a century now, and there's a 1960's bank case on mainframe evidence that's still the guideline for laying a foundation for admission of computer evidence.

p. 11: "Until 1993, the laws defining computer crimes did not exist. To this day, many have yet to be tested in court." HUH????? The fed.s proposed the first one in 1977, Florida and Arizona passed the first two computer crime statutes in 1978, and the feds finally got theirs through (18 USC 1029 & 1030) in 1986.

In another place, they talk about commmercial forensics software only being available recently, which ignores the decades of work done by experts using Norton's DiskEdit (still in use today). They barely mention Dan Mares, who wrote some of the first forensics tools, and is still doing so.

They don't really explain what their relationship is with a particular vendor whose software and hardware products are covered in detail.... and their description of the IACIS certification process is out of date. IACIS (an organization to which I belong and from which I received my computer forensics certification) has not endorsed this book.

11 of 11 people found the following review helpful:

1.0 out of 5 stars Too many problems, August 24, 2004

By 

Joey "Joey" (Oregon) - See all my reviews

This review is from: Guide to Computer Forensics and Investigations (Paperback)

I found way too many problems with this text. I perform computer forensics investigations for a living, and would not recommend this book. There is too much focus on the DriveSpy program, and much of the information is repeated from chapter to chapter. This is an example of the reviewers not actually taking a look at the book. Your best bet is to purchase the book by Warren Kruse.

14 of 16 people found the following review helpful:

2.0 out of 5 stars Too much incorrect information, March 13, 2004

By 

"warren_kruse" (San Diego CA) - See all my reviews

This review is from: Guide to Computer Forensics and Investigations (Paperback)

Too much technical information is incorrect. This book never made it past the editing process, and the exercises were never checked.

The information regarding digital signatures is incorrect. Much of the information regarding partitions is incorrect. The information in regards to boot structures and MACS is scant, and what is there has been copied from existing web pages. Only enough information on NT and the MFT to confuse and confound.

The exercises are hard to follow, and even suggest using a different operating system if they do not work. The examiner cannot switch the operating system on the drive being examined - this is ridiculous.

The book is written with the primary audience of law enforcement. If a law enforcement officer were to have this book as their only education in computer forensics, their testimony would never stand up. I truly doubt that the material covered is sufficient to allow one to pass the IACIS certification.

A competent forensic examiner would not use this book other than as a reference for using DriveSpy.