Customer Reviews

The Official CHFI Study Guide (Exam 312-49): for Computer Hacking Forensic Investigator

5 star:		(5)
4 star:		(2)
3 star:		(1)
2 star:		(0)
1 star:		(2)

 

 

Rarely have I seen less information in so many pages. This book is poorly organized, riddled with inaccuracies and typos, and appears hopelessly outdated in many cases. (Frequent references to floppy disks and MS-DOS make me wonder where these authors have been since, oh, 1994).

Here's a clear example of the slovenliness of the book and its editors. The summary of the "PDA, Blackberry, and iPod Forensics" chapter contains no reference to the iPod. Obviously, the iPod section was added later, and no one thought to update the summary section.

Here's another example. The "PDA Investigative Tips" section advises the would-be investigator to leave the device in the "off" state, then immediately "switch on the device". Apparently, switching the device on leaves it in the off state. The book is full of nonsense like this.

The final straw for me, though, is the beginning of Chapter 13, which purports to examine forensic tools (hardware and software). The author of this chapter openly states that the chapter is "heavily based on the assertions of the vendors who make the products." In other words, they just slapped together a bunch of sales literature, and are not providing any real-world experience with, or observations of, the products. Well, at least they're honest about their laziness and lack of experience.

I have worked in the IT field for over 25 years now, and I have read many, many technical and instructional books. This is definitely one of the worst. Buy something else if you want to learn about forensics. I recommend "File System Forensic Analysis", by Brian Carrier.

I purchased this book in August as one of the pieces for my self training for the computer forensics discipline. I purchased it with the intent of downloading the PDF version and putting it on my Amazon Kindle so I could easily carry the book with me. I've been very satisfied with the content, especially the numerous links to related material. Mr. Kleiman brought together a group of people each of whom made a significant contribution to an excellent product.

As one reviewer has noted, there are weaknesses, especially in the proofreading and editing. This reflects on the publisher rather than the author as I'll detail below this. I can easily get past those weaknesses because this isn't a literary work.

As it turns out, the weaknesses were not caused by Mr. Kleiman or the other contributors to the book. In the process of acquiring the PDF that was to be included in the purchase price I learned that Syngress has been having problems, probably financially based, for quite some time. This resulted in delivering products that had not been fully prepared as was the case with this book. Mr. Kleiman as an author submitted in good faith a book to be proofread, edited and published. He provided content that easily justified the price of the book and expected Syngress to fine tune the product before releasing it.

Several days after purchasing the book I made my first of several attempts to contact Syngress and download my promised PDF copy. After several phone calls and emails I realized I was wasting my time. I then sent an email to David Kleiman and at about the same time I learned that Syngress had closed their doors and was being taken over by Elsevier. Mr. Kleiman and I exchanged emails for a month or so as he worked with the kind folks at Elsevier to get the PDF to me. About a week ago I received an email from Mr. Kleiman stating that the PDF would be available to me soon. Shortly after that I received an email from Elsevier telling me how to download the PDF. I did that and I now have it on my Kindle and can access it at any time as I originally planned. I find it to be an excellent resource and well worth the purchase price and the time spent reading it.

I commend David Kleiman and Elsevier for doing what's right.

Im currently enrolled to go to school for computer forencsics, however i dont start until september i wanted a book to jumpstart me in the field before i start classes to get familiar with the subject. I wanted a study guide to teach me the basics and i couldnt have gotten a better book. The Official CHFI study guide is exactly what i wanted and needed and now im more excited then ever to start classes in the fall. Very satisfied with my purchase.

I found this book to be very complete, the CHFI exam still seems to be in its preliminary stages however this exam along with the Certified Computer Examiner (CCE) Certification seem to be the only non-software dependent certifications. This book once purchased can also be downloaded as a pdf from the website. Cover all tools including encase, sleuthkit, paraben's network email examiner, etc.

I like the book it is very good and I would recomend anyone to it. I am not really doing the 312-49 Exam, but I'm doing a online Computer Forensic COurse and this study guide really helpn me out and I get to learn more also.

This is a great training manual, someone with a rudimentary understanding of computers will be able to follow along due to the easy to read format and lay person language. However, there are sections with several typos and grammar errors that are embarrassing for this level of training manual! Another drawback is that this "official manual" was last revised in 2007 and has not been updated since, leaving the student with stale study material for current exam content! Overall worth the money but I would suggest supplementing with other materials if you plan on taking and passing the exam!

My experience with the official CHFI courseware straight from EC-Council was a disaster, to say the least. While I learned a lot about the subject matter, the books and online course were both full of errors ranging from annoying grammatical errors to the actual answers on the quizzes being incorrect (not helpful when you are studying for a certification exam). I put off buying this study guide because I had already spent $1300 on the course, but it got to the point where I didn't feel comfortable taking the exam because the official material was so overwhelming and disorganized. I felt I had no choice but to fork over another $50-$60 for something that might give me a better idea of what I needed to focus on for the test.

When I got the study guide, I was relieved. FINALLY, something organized. However, I noticed that the copyright date was 2007, and there was no version number to be found anywhere. I contacted EC-Council and was advised that this official, endorsed study guide was actually for version 3, not 4. So once again, I'm going into this test without a firm grasp of what's actually covered.

That being said, this book actually covers a lot of material and is a good introduction to computer forensics investigations. I'm sure a lot of the material from v3 to v4 is similar, so it's not a total loss. It's organized very well, but compared to the EC-Council books, I could throw this book into a tornado and still be able to piece it together better than their information.

I would give this four stars as a general reference book and introduction to the field. It's definitely giving me a good foundation for the exam, and I'm sure I'll be using it as a reference book in the future. So, four stars for material - three stars for not being current. Syngress really should update this ASAP.

a weighty tomb that provides a lot of information for persons that wish to study for their forensic investigators certification

This Book is an Excellent resource and Study Guide for CHFI v3 Exam ..
i will Recommended this Book and Hacking Exposed Computer Forensic v2 , for Passing the CHFI v3 EC-Council Exam .
The Book is huge with 995 pages but its really inserting to read .

Full disclosure: I haven't finished the book. In fact, I haven't finished the first chapter. But the error on page ten makes me cringe, and want to ask for my money back from Amazon, Syngress/Elsevier and EC Council. How did this get past the technical editors? Or did the technical editors not make it through any high school mathematics classes? I will quote:

"Now it is understood that 2^128 is about 340 billion, and it would be an extremely large storage of tiny files, but this fact opens the door for doubt, which could ruin a criminal prosecution."

To put this in context, the author was saying that MD5 may not be sufficient in the (near?) future for generating hashes for forensic file system investigations. To be sure, 2^128 is *not* 340 billion, it is 340 billion billion billion billion. Now, I would normally think it possible that the copy editors left out the extra few repetitive words, and I am an author and have seen it done. But the author here continued to persuade the reader why this number was not so large as to ensure that no two files would have the same hash on even a very large hard drive array, as if he *really meant* 340 billion. 3.4 x 10^38 is such an unimaginably large number of files for a hard drive, at the highest capacity, we could not fit that hard drive in all of the container ships on planet Earth. In fact, even at a reasonable theoretical physical limit of data bits in quantum computing, where information may someday be stored in subatomic spaces, it would be a hard drive greater than the mass of all of the humans on Earth, each of whom is composed of about 2.3 x 10^28 atoms. So while I am not doubting that MD5 collisions exist, the chance that any file above a few hundred bytes on a given hard drive would share the same MD5 hash with any other different file on any other hard drive on planet Earth, is so miniscule as to be laughable. Check out forensics-intl.com/art12.html for a more detailed explanation.

The fact is, for all but the tiniest files, MD5 will be forensically sufficient far into the future. There is a reason why it is still used for this purpose, and not others where the risk of collision is very real. Hopefully this page is the last one with such an egregious technical error.