Amazon.com: Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes, Second Edition (Information Security) (9780849383281): Albert Marcella Jr., Doug Menendez: Books

Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes, Second Edition (Information Security) [Hardcover]

Albert Marcella Jr. (Author), Doug Menendez (Author)
3.3 out of 5 stars (3 customer reviews)

List Price: $79.95
Price: $68.40
You Save: $11.55 (14%)

Formats

Amazon Price New from Used from
Hardcover $68.40  
Loose Leaf --  

Book Description

Publication Date: December 19, 2007 | ISBN-10: 0849383285 | ISBN-13: 978-0849383281 | Edition: 2
Designed as an introduction and overview to the field, Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes, Second Edition integrates theory and practice to present the policies, procedures, methodologies, and legal ramifications and implications of a cyber forensic investigation. The authors guide you step-by-step through the basics of investigation and introduce the tools and procedures required to legally seize and forensically evaluate a suspect machine.

Updating and expanding information on concealment techniques, new technologies, hardware, software, and relevant new legislation, this second edition delineates the scope and goals of cyber forensics to reveal and track legal and illegal activity. Beginning with an introduction and definition of cyber forensics, chapters explain the rules of evidence and chain of custody in maintaining legally valid electronic evidence. They describe how to begin an investigation and employ investigative methodology, as well as establish standard operating procedures for the field and cyber forensic laboratory. The authors provide an in-depth examination of the manipulation of technology to conceal illegal activities and the use of cyber forensics to uncover them. They discuss topics and issues such as conducting a cyber forensic investigation within both the local and federal legal framework, and evaluating the current data security and integrity exposure of multifunctional devices.

Cyber Forensics includes details and tips on taking control of a suspect computer or PDA and its "operating" environment, mitigating potential exposures and risks to chain of custody, and establishing and following a flowchart for the seizure of electronic evidence. An extensive list of appendices includes websites, organizations, pertinent legislation, further readings, best practice recommendations, more information on hardware and software, and a recap of the federal rules of civil procedure.

Product Details

  • Hardcover: 528 pages
  • Publisher: Auerbach Publications; 2 edition (December 19, 2007)
  • Language: English
  • ISBN-10: 0849383285
  • ISBN-13: 978-0849383281
  • Product Dimensions: 10.1 x 6.9 x 1.4 inches
  • Shipping Weight: 2.4 pounds
  • Average Customer Review: 3.3 out of 5 stars (3 customer reviews)
  • Amazon Best Sellers Rank: #568,387 in Books

 

Customer Reviews

3 Reviews
5 star: (0)
4 star: (2)
3 star: (0)
2 star: (1)
1 star: (0)
Most Helpful Customer Reviews

2 of 2 people found the following review helpful:
4.0 out of 5 stars Impressive collection of relevant information, June 19, 2009
By 
This review is from: Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes, Second Edition (Information Security) (Hardcover)
Cyber forensics is becoming a very interesting niche, and to keep up with Joe the bad guy or Jill the bad girl, one must keep up with technology, understand the reason why, and learn the optimum way to capture the relevant data after a suspicious activity compromises a business, entity or data. This book is a very good resource to do just that.

This is not a "for Dummies" or "introduction to" book. The author made sure the reader is aware of this in his Foreword: "This text will not make you a cyber forensics investigator or technician, if you are not one already!"

The reason I read this book was to use it as a tool to improve the procedures in my company's lab and understand the legal requirement as I collect evidence. I must say that Cyber Forensics 2nd Edition fulfilled that and more. I especially liked the immediate dive into the heart of what is important, from the definition, processes, and legal issues to the separation of audit from Cyber Forensics Investigations, and this is the first chapter. It only gets better; I found Chapter 6 especially helpful, used most of its content and created a template to baseline the readiness of my company's lab to "American Society of Crime Laboratory Directors Laboratory Accreditation Board".

Although I agree with the author about EnCase's ridiculous pricing practice, I found the software review to be false. EnCase does support the collection of enterprise network devices, albeit using an agent to do so. I suggest that Chapter 2 be revised. I also did not like the author's "evaluation" of different tools and rating them; this fact almost stopped me from reading the rest of the book. I also had issues with Chapter 7. I suggest the 3rd edition of this book consider adding network acquisition of forensic evidence in the flowchart, also adding the legal and HR in the process flow (for corporate users), and change calling the role or the term IT Security officers to Information Security officers (smart companies are separating Infosec from IT). Also in the same chapter, I agree with the incident response team to eradicate virus infection, but the entire process should have been modeled after the NIST SP800-61 or a similar document; the author did a best effort but not a good one.

In conclusion, I like this book, including most of its useful Appendices.

Best Fishes and thank you for reading.


4.0 out of 5 stars This book can be a decent starting point for Antiforensics, August 2, 2011
Menendez & Marcella's Field Manual is an update and slight improvement from a publisher that has a broad portfolio in security-related instruction. The book is introductory, but fast paced, very comprehensive and reads well as both a guide (instruction) and as a manual (piecemeal reference).

As with the 1st edition there is a dark side to forensics analysis that is insufficiently covered--specifically the ethical considerations that must precede any decision to reveal data or reconstruct history. While the guide begins with a review of "technology abuses" and a section on "illegal activities warranting forensic investigation", it fails to explain just how unethical is the very practice of forensics under most scenarios, even if it is legal!...

Forensics is the art of breaking and entering. It is an intentional and often covert invasion of private property (that is, it is often employed before an arrest rather than during a court sanctioned discovery process; typically, a period is associated with representation and due process). Therefore, it is imperative that the tools of a 'burglary' field manual be accompanied by a discussion of WHY and FOR WHOM an invasive analysis is performed.

Forensic science should *VERY RARELY* be performed at the request of government, a point that eludes most authors. That is, it should be no more common than legally strapping a citizen to a table and torturing them or injecting serum into their veins. Few individuals would accept this outside the realm of an imminent calamity such as a bombing or child kidnapping.

That shouldn't stop you from buying this book. Far from it! In fact, think of Menendez & Marcella as a comprehensive guide to the good guys. In our consulting practice, it helps aspiring ANTIFORENSIC consultants better understand their adversary--which, unfortunately, is likely to be the intended audience for this same book.

Confused? You needn't be...

Forensic analysis is most frequently employed by law enforcement officers or private investigators outside of a legally sanctioned, court issued investigation and, certainly, without representation or due process. This Field Manual can teach individuals, organizations and especially consultants how to protect private communications and data with a little knowledge & planning...

Forensics can be thwarted. Your phone calls, email, texting, IMs, PC drives and portable media needn't be an open book. Thwart the target audience of this book by reading the book. Learn about the hidden file structure of common operating systems. Understand the tools and methods of forensic investigators. Arm your clients with nested-container Full Disk Encryption (this leads to plausible deniability) and Steganometry (hiding things in plain sight).

For a more comprehensive understanding of antiforensics #and perhaps a paranoid view of the government meddling#, see fungible.net (click "Antiforensics" at top right).

Ellery Davies

Ellery #at# starbus #dot# com


0 of 2 people found the following review helpful:
2.0 out of 5 stars Inconsistent and repetitive, November 23, 2008
Although the book presents a wide breadth of computer forensics information, it is poorly written.

It repeats the same concepts over and over again, without adding much in the process.

Some sections are just condensed information from other sources.

Some pieces also seem inconsistent.

Lastly, the writing style is hard to follow, making for boring reading.
Inside This Book
Key Phrases - Statistically Improbable Phrases (SIPs):
concealment techniques, incident response, secondary actions, cyber forensic investigator, cyber forensic investigation, incident response questionnaire, insert contact data, cyber forensic tools, cyber forensics investigator, racy pic, temporary defensive measures, incident response components, security device logs, single primary point, traffic data sources, possible security incident, potential electronic evidence, attacks against other systems, addressing electronic document production, incident disclose, link analyzer, ram slack, business fallout, nonrelevant data, file slack
Key Phrases - Capitalized Phrases (CAPs):
Cyber Forensics Field Manual, Second Edition, United States, Morgan Stanley, Legal Considerations, Model System Platforms, Standard Operating Procedures, The Sleuth Kit, United Kingdom, Guidance Software, Evidence Eliminator, New York, Retrieved February, Cyber Forensic Awareness, Forensic Black Bag, Digital Multifunctional Devices, District Court, High Court, Supreme Court, Management Survey, Overall Product, Privacy Rule, Alternate Data Streams, Fourth Amendment, Sharp Electronics Corporation