Wednesday, February 15, 2012

Review of Digital Evidence and Computer Crime

Just finished "Digital Evidence and Computer Crime: Forensic Science, Computers and the Internet" by Eoghan Casey, featuring other contributing authors, and it's quite good. I bought this book because I wanted an all-encompassing book that provided insight on the various aspects of an investigation, especially the legal portion. In this aspect the book does an excellent job, and is in-depth in areas I have yet to see in other books. The book is divided into five portions: digital forensics, digital investigations, apprehending offenders, computers, and network forensics. For me the book was worth it for the first three portions; however, for the computer and network portions, while a good start, there are more in-depth books that provide better insight.

Part I: Digital Forensics was one of my favorite parts of the book. It provides the reader with a good background on where digital forensics comes from and how it has evolved. It details the role of the investigator in a case and the complications with digital evidence (the portion on levels of certainty was very enlightening). I really enjoyed the portions of the book relating to both US and European law. This was an aspect I was looking to learn more about, and the book provides a great overview while outlining the specific important parts of popular cyber law.

Part II: Digital Investigations is all about the process. Casey does a good job of applying the traditional scientific method to the digital frontier. Applied in this way, it provides an easy-to-apply method for the investigative process. It focuses not on the specifics but on the outline of the thought process, which allows you to go beyond knowing the specifics. Methods for conducting investigations, handling crime scenes, and reconstruction are discussed, as well as motives.

Part III: Apprehending Offenders was rather unexpected when I looked through the table of contents, and even more so when I read the chapters. However, in this case unexpected was excellent. Various scenarios requiring investigation, like cyber stalking and computer intrusions, are discussed, and the chapters then delve into the victimology of each scenario. This was really interesting to me, as it provides a psychological aspect to the investigative process, something I then realized can really help with an investigation.

Parts IV and V: Computers and Networking are pretty much what I expected. The computer portion really does give a great foundation of knowledge, and if this is one of your beginning journeys it's a great place to start. It goes over the background of important artifact information like file system structure, basics of file recovery, browser artifacts, and the registry. It also provides good info on Unix and Mac systems. The network portion is quite detailed, describing the various layers of the network topology. There is a lot of great information in these chapters, which was a great review of knowledge.

Overall, the book was enjoyable from start to finish, and I would recommend it to anyone looking for a great overview of the digital forensic investigation process from start to finish. I am happy to add this book to my growing reference library.

Coming Up:

So, I have a lot going on. I have the following books to read (expect reviews):

  • Windows Forensic Analysis 3rd Edition
  • Practical Malware Analysis
  • Digital Triage Forensics
  • Windows Internals 6th Edition

I also have some research that I wish to share regarding File Tagging, with maybe a tool to follow eventually. So look for that as well.