Customer Reviews

Guide to Computer Forensics and Investigations

5 star:		(0)
4 star:		(0)
3 star:		(1)
2 star:		(2)
1 star:		(3)

 

 

Smoke started coming out of my ears by page 2. The legal info on that page is flat WRONG! - here's a sample: "Until recently, legal professionals could not use digital evidence in court because it was not considered tangible evidence" - where they got that from, I don't know..... we've been using digital evidence in court for 1/2 a century now, and there's a 1960's bank case on mainframe evidence that's still the guideline for laying a foundation for admission of computer evidence.

p. 11: "Until 1993, the laws defining computer crimes did not exist. To this day, many have yet to be tested in court." HUH????? The fed.s proposed the first one in 1977, Florida and Arizona passed the first two computer crime statutes in 1978, and the feds finally got theirs through (18 USC 1029 & 1030) in 1986.

In another place, they talk about commmercial forensics software only being available recently, which ignores the decades of work done by experts using Norton's DiskEdit (still in use today). They barely mention Dan Mares, who wrote some of the first forensics tools, and is still doing so.

They don't really explain what their relationship is with a particular vendor whose software and hardware products are covered in detail.... and their description of the IACIS certification process is out of date. IACIS (an organization to which I belong and from which I received my computer forensics certification) has not endorsed this book.

I found way too many problems with this text. I perform computer forensics investigations for a living, and would not recommend this book. There is too much focus on the DriveSpy program, and much of the information is repeated from chapter to chapter. This is an example of the reviewers not actually taking a look at the book. Your best bet is to purchase the book by Warren Kruse.

Too much technical information is incorrect. This book never made it past the editing process, and the exercises were never checked.

The information regarding digital signatures is incorrect. Much of the information regarding partitions is incorrect. The information in regards to boot structures and MACS is scant, and what is there has been copied from existing web pages. Only enough information on NT and the MFT to confuse and confound.

The exercises are hard to follow, and even suggest using a different operating system if they do not work. The examiner cannot switch the operating system on the drive being examined - this is ridiculous.

The book is written with the primary audience of law enforcement. If a law enforcement officer were to have this book as their only education in computer forensics, their testimony would never stand up. I truly doubt that the material covered is sufficient to allow one to pass the IACIS certification.

A competent forensic examiner would not use this book other than as a reference for using DriveSpy.

The majority of exercises do not work. I found myself having to create exercises for my students to follow so I switched books. There is a lot of repetitive information and poor explanations.

If you previous training in computer forensics you will have a problem with much of the information.

Professor Kessler, what book did you actually review? I started using this book based on your recommendations.

This book represents the core of what is wrong with corporate America today. This book is packaged with a CD that has software on it used throughout the book. What they don't tell you anywhere is that you must register the software using a unique and one time only coupon in the cd pouch. Furthermore the software then expires in 120 days. To not mention this limitation that basically makes the book useless for resale is very deceitful on the part of the publisher and the company that supplied the software. Never have I seen such B.S. before as this when it comes for games that publishers play!!! THIS INFORMATION SHOULD HAVE BEEN IN BIG BOLD LETTERS -- YOU CANNOT RESELL THIS BOOK DUE TO THE ONE-TIME USE OF THE ENCLOSED CD SOFTWARE --

As a new examiner, I found this book somewhat useful, but I thought the book was edited horribly. It looks to me as though the publisher hired an English major to edit a Computer Forensics book... too bad...

If the authors read these reviews...
switch editors... maybe even publishers if it's possible...
switch to more mainstream tools for your examples...
re-edit before releasing a second edition