Just finished “Digital Evidence and Computer Crime: Forensic Science, Computers and the Internet”
by Eoghan Casey and featuring other contributing authors, and it’s quite
good. I bought this book because I
wanted an all-encompassing book that provided insight on the various aspects of
an investigation, especially the legal portion.
And in this aspect the book does an excellent job, and is in-depth in
areas I have yet to see in other books.
The book is divided into five portions: digital forensics, digital
investigations, apprehending offenders, computers, and network forensics. For me the book was worth it for the first
three portions; however, while the computers and network portions are a good start,
there are more in-depth books that provide better insight.
Part I: Digital Forensics, was one of my favorite parts
of the book. It provides the reader with
a good background on where digital forensics comes from and how it has
evolved. It details the role of the
investigator in a case and the complications with digital evidence (the portion
applying to levels of certainty was very enlightening). I really enjoyed the portions of the book
relating to both US and European law.
This was an aspect I was looking to learn more about and the book
provides a great overview while outlining the specific important parts of
popular cyber law.
Part II: Digital
Investigations, is all about the process. Casey
does a good job of applying the traditional scientific method to the digital forefront. Applied in this way, it provides an
easy-to-apply method for the investigative process.
It focuses not on the specifics but more on the outline of the thought
process, which allows you to go beyond knowing the specifics. Methods for conducting investigations,
handling crime scenes and reconstruction are discussed, as well as
motives.
Part III:
Apprehending Offenders, was rather unexpected when I looked through the
table of contents and even more so when I read the chapters. However, in this case unexpected was
excellent. Various scenarios needing
investigation are discussed, like cyber stalking and computer intrusions, and
the chapters then delve into the victimology of the scenarios. This was really interesting to me, as it
provides a psychological aspect to the investigative process; something I then
realized can really help with an investigation.
Parts IV and V:
Computers and Networking, are pretty much what I expected. The computer portion really does give a great
foundation of knowledge, and if this is one of your beginning journeys it’s a
great place to start. It does go over
the background of important artifact information like file system structure,
basics of file recovery, browser artifacts, and the registry. It also provides good info on Unix and Mac
systems. The network portion is quite detailed,
describing the various layers of the network topology. There is a lot of great
information in these chapters that was a great review of knowledge.
Overall, the book was enjoyable from start to finish and
I would recommend it to anyone looking for a great overview of the digital forensic
investigation process from start to finish.
I am happy to add this book to my growing reference library.
Coming Up:
So, I have a lot going on. I have the following books to read (expect reviews):
- Windows Forensic Analysis 3rd Edition
- Practical Malware Analysis
- Digital Triage Forensics
- Windows Internals 6th Edition
I also have some research that I wish to share regarding File Tagging, with maybe a tool to follow eventually. So look for that as well.