3 Reviews
1 of 1 people found the following review helpful:
4.0 out of 5 stars
Impressive collection of relevant information,
By
This review is from: Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes, Second Edition (Information Security) (Hardcover)
Cyber forensics is becoming a very interesting niche, and to keep up with Joe the bad guy or Jill the bad girl, one must keep up with technology, understand the reason why, and learn the optimum way to capture the relevant data after a suspicious activity compromises a business, entity or data. This book is a very good resource to do just that.
This is not a "for Dummies" or "introduction to" book. The author made sure the reader is aware of this in his Foreword: "This text will not make you a cyber forensics investigator or technician, if you are not one already!" The reason I read this book was to use it as a tool to improve the procedures in my company's lab and understand the legal requirement as I collect evidence. I must say that Cyber Forensics 2nd Edition fulfilled that and more. I especially liked the immediate dive into the heart of what is important, from the definition, processes and legal issues to the separation of audit from Cyber Forensics Investigations, and this is the first chapter. It only gets better; I found Chapter 6 especially helpful, used most of its content and created a template to baseline the readiness of my company's lab to "American Society of Crime Laboratory Directors Laboratory Accreditation Board". Although I agree with the author about EnCase's ridiculous pricing practice, I found the software review to be false. EnCase does support the collection of enterprise network devices, albeit it uses an agent to do so. I suggest that Chapter 2 be revised. I also did not like the author's "evaluation" of different tools and rating them; this fact almost stopped me from reading the rest of the book. I also had issues with Chapter 7. I suggest the 3rd edition of this book consider adding network acquisition of forensic evidence in the flowchart, also adding legal and HR in the process flow (for corporate users), and change calling the role or the term IT Security officers to Information Security officers (smart companies are separating Infosec from IT). Also in the same chapter, I agree with the Incident response team to eradicate virus infection, but the entire process should have been modeled after NIST SP800-61 or a similar document; the author did a best effort but not a good one. In conclusion, I like this book, including most of its useful Appendices. Best Fishes and thank you for reading.
4.0 out of 5 stars
This book can be a decent starting point for Antiforensics,
By Ellery Davies "Ellery (at) StarBus (dot) com" (West Coast, USA)
Menendez & Marcella's Field Manual is an update and slight improvement from a publisher that has a broad and portfolio in security-related instruction. The book is introductory, but fast paced, very comprehensive and reads well as both a guide (instruction) and as a manual (piecemeal reference).
As with the 1st edition, there is a dark side to forensics analysis that is insufficiently covered--specifically the ethical considerations that must precede any decision to reveal data or reconstruct history. While the guide begins with a review of "technology abuses" and a section on "illegal activities warranting forensic investigation", it fails to explain just how unethical is the very practice of forensics under most scenarios, even if it is legal!... Forensics is the art of breaking and entering. It is an intentional and often covert invasion of private property (that is, it is often employed before an arrest rather than during a court sanctioned discovery process; typically, a period is associated with representation and due process). Therefore, it is imperative that the tools of a 'burglary' field manual be accompanied by a discussion of WHY and FOR WHOM an invasive analysis is performed. Forensic science should *VERY RARELY* be performed at the request of government, a point that eludes most authors. That is, it should be no more common than legally strapping a citizen to a table and torturing them or injecting serum into their veins. Few individuals would accept this outside the realm of an imminent calamity such as a bombing or child kidnapping. That shouldn't stop you from buying this book. Far from it! In fact, think of Menendez & Marcella as a comprehensive guide to the good guys. In our consulting practice, it helps aspiring ANTIFORENSIC consultants better understand their adversary--which, unfortunately, is likely to be the intended audience for this same book. Confused? You needn't be... Forensic analysis is most frequently employed by law enforcement officers or private investigators outside of a legally sanctioned, court issued investigation and, certainly, without representation or due process.
This Field Manual can teach individuals, organizations and especially consultants how to protect private communications and data with a little knowledge & planning... Forensics can be thwarted. Your phone calls, email, texting, IMs, PC drives and portable media needn't be an open book. Thwart the target audience of this book by reading the book. Learn about the hidden file structure of common operating systems. Understand the tools and methods of forensic investigators. Arm your clients with nested-container Full Disk Encryption (this leads to plausible deniability) and Steganometry (hiding things in plain sight). For a more comprehensive understanding of antiforensics (and perhaps a paranoid view of the government meddling), see fungible.net (click "Antiforensics" at top right).
Ellery Davies
Ellery (at) starbus (dot) com
0 of 2 people found the following review helpful:
2.0 out of 5 stars
Inconsistent and repetitive,
Although the book presents a wide breadth of computer forensics information, it is poorly written.
It repeats the same concepts over and over again, without adding much in the process. Some sections are just condensed information from other sources. Some pieces also seem inconsistent. Lastly, the writing style is hard to follow, making for boring reading.
Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes, Second Edition (Information Security) by Doug Menendez (Hardcover - December 19, 2007)