1 Review
2 of 2 people found the following review helpful:
4.0 out of 5 stars
Dated, but Still Good
Amazon Verified Purchase
This review is from: Cybercrime: Investigating High-Technology Computer Crime (Kindle Edition)
Being the singular author on a comprehensive book about cybercrime has to be a daunting task. The subject area is so broad that a sole author can't be expected to be deeply knowledgeable about all aspects of the subject. Robert Moore wisely cautions the reader in the introduction that the goal of the book is to serve as a starting point in understanding the world of cybercrime rather than being a vehicle that will transform the reader into an expert. Moore largely hits the mark with this book. I found it to be a good overview of the world of cybercrime with an emphasis on computer forensics.
My primary concern with this work is that it feels very dated during portions of the book. For example, the content that deals with hacking provides a wonderful history of the term and how the public came to learn about this sort of activity, but the actual technical portion of the discussion needs to be updated. There are very few tools that are discussed specifically in the text and some of them are quite out of date. For example, the author talks about hackers using tools like nmap, but also spends time talking about SATAN. A book released in 2011 that talks about hacking really should concentrate on introducing the reader to more contemporary tools such as Metasploit as well as discussing some of the more classic tools. While there isn't anything wrong talking about popular historical tools, they should be placed in the proper context with current tools. The computer forensics portions of the book suffer from a similar problem. The book mentions commonly used tools such as EnCase and FTK, but treats the NTI tools as if they were still widely in use by the digital forensics community. They aren't. Similarly, the portion of the book that covers the acquisition of computer evidence is somewhat out of date. While the author does a fine job explaining how computer evidence should be collected, the methods described in the book reflect the "pull the plug" mentality that can no longer be relied on in today's world. While the author does talk about some live response issues in relation to open files on a computer, the 3rd edition of this book needs to talk about when making an image of a live machine might be necessary because of issues such as encryption concerns. There also needs to be updated content regarding the capture and analysis of live memory. Pulling the plug or shutting down a machine without capturing memory will result in the loss of gigabytes worth of very valuable data.
Ultimately, these are suggestions on how to improve the book for a 3rd edition rather than a reason to pass on purchasing this book. Even the sections that are dated are very well written and provide a tremendous amount of valuable data to the reader. I learned a few new things reading this book and I'm not the target audience since I am already an experienced technical crime investigator and digital forensics examiner.
Cybercrime: Investigating High-Technology Computer Crime by Robert Moore (Paperback - June 15, 2006)