
Wednesday, February 15, 2012

Review of Digital Evidence and Computer Crime


Just finished “Digital Evidence and Computer Crime: Forensic Science, Computers and the Internet” by Eoghan Casey, featuring other contributing authors, and it’s quite good. I bought this book because I wanted an all-encompassing book that provided insight on the various aspects of an investigation, especially the legal portion. In this aspect the book does an excellent job, and is in-depth in areas I have yet to see in other books. The book is divided into five portions: digital forensics, digital investigations, apprehending offenders, computers, and network forensics. For me the book was worth it for the first three portions; however, while the computers and network portions are a good start, there are more in-depth books that provide better insight.

Part I: Digital Forensics was one of my favorite parts of the book. It provides the reader with a good background on where digital forensics comes from and how it has evolved. It details the role of the investigator in a case and the complications with digital evidence (the portion applying to levels of certainty was very enlightening). I really enjoyed the portions of the book relating to both US and European law. This was an aspect I was looking to learn more about, and the book provides a great overview while outlining the specific important parts of popular cyber law.

Part II: Digital Investigations is all about the process. Casey does a good job of applying the traditional scientific method to the digital forefront. Applied in this way, it provides an easy-to-apply method for the investigative process, not focusing on the specifics but more on the outline of the thought process, which allows you to go beyond knowing the specifics. Methods for conducting investigations, handling crime scenes and reconstruction are discussed, as well as going into motives.

Part III: Apprehending Offenders was rather unexpected when I looked through the table of contents and even more so when I read the chapters. However, in this case unexpected was excellent. Various scenarios in need of investigation are discussed, like cyber stalking and computer intrusions, and the book then delves into the victimology of the scenarios. This was really interesting to me, as it provides a psychological aspect to the investigative process; something I then realized can really help with an investigation.

Parts IV and V: Computers and Networking are pretty much what I expected. The computer portion really does give a great foundation of knowledge, and if this is one of your beginning journeys it’s a great place to start. It does go over the background of important artifact information like file system structure, basics of file recovery, browser artifacts, and the registry. It also provides good info on Unix and Mac systems. The network portion is quite detailed, describing the various layers of the network topology. There is a lot of great information in these chapters that was a great review of knowledge.

Overall, the book was enjoyable from start to finish and I would recommend it to anyone looking for a great overview of the digital forensic investigation process from start to finish. I am happy to add this book to my growing reference library.


Coming Up:

So, I have a lot going on. I have the following books to read (expect reviews):

  • Windows Forensic Analysis 3rd Edition
  • Practical Malware Analysis
  • Digital Triage Forensics
  • Windows Internals 6th Edition
I also have some research that I wish to share regarding File Tagging, with maybe a tool to follow eventually. So look for that as well.

Saturday, October 1, 2011

Review of Metasploit: A Penetration Tester's Guide


Metasploit: A Penetration Tester's Guide (MAPTG) from David Kennedy (@Dave_Rel1k), Jim O'Gorman (@_Elwood_), Devon Kearns (@dookie2000ca), and Mati Aharoni (@backtracklinux) is probably the foremost resource one can obtain for learning the basics of the Metasploit framework. The book is for those who are behind the curve a little bit and haven't used Metasploit yet. I feel like the book does a great job of delivering on what it promises: a foundational knowledge of the ins and outs of the great framework. By the time you finish the book you should understand how to use the framework; you most likely will not understand all of it, but it gives you great information on how you can figure it out yourself through utilizing the many utilities within the tool.

Let me start this review off by stating my personal opinion on how you should utilize this book: build a test penetration lab and follow the book's instructions as you go along. Take advantage of the appendices! Appendix A will tell you how to set up your test environments, both your attack machines and your victim machines. Appendix B is your cheat sheet and quick reference for the numerous commands you'll be using. I suggest starting here and familiarizing yourself with these before you begin. This is not what I did, but in retrospect I really wish I had.

The book doesn't waste time after going into the basics of what will occur in a standard penetration test. The authors state that this book is not the best source for understanding all that can occur in a pen test and refer to the Penetration Testing Execution Standard as a better source for gaining insight on the subject if you're looking for it. Next the book covers the basics of Metasploit so you can get around the console with better familiarity, and the options you have if you want more information. These chapters are small and cover the essentials of what you'll need to know to get through the book if you have no prior knowledge of the tool. The following chapters, which I will not cover in depth, go step-by-step through a basic pen test outline. They start at information gathering and go all the way into creating your own exploits and automating your process with scripts within the framework.

Every chapter covers its subject very well. They're very concise and to the point, which I enjoy a whole lot. Also, most of the chapters include examples of how to run the tools and what output should look like (which is why I suggest you set up a lab environment and run the commands as you read them). At times, I wish the chapters were a bit more in-depth, especially the creation of exploits chapter; however, that is probably a bit outside the scope of this particular book. I especially enjoyed the chapters on creating exploits and the power of the Social-Engineering Toolkit. The final chapter uniquely summarized what was learned in the book by explaining how to simulate a penetration test, and if completed properly it will have you exploiting your vulnerable test lab in no time.

I would highly recommend this book to anyone who is looking to get into Metasploit a lot more. It gives you a great base to learn the tool, and if nothing else spawns even more of a desire to learn more (I know it did for me). I started this book with very basic knowledge of the Metasploit framework, and after some testing and the guidance of this book I feel a lot more comfortable using the amazing power behind Metasploit. You can pick this book up for about $28 on Amazon, which is an amazing value! I would suggest that if you have even an interest in penetration testing, you pick up this book and read it.

Monday, September 5, 2011

Road to CCE, Pt. 3: Review of Digital Forensics with Open Source Tools


"Digital Forensics with Open Source Tools" (DFwOST), by Cory Altheide and Harlan Carvey, is an excellent resource for a beginning forensics student, I feel. I am so happy that I decided to pick up this book; it has proven to be one of the best resources I now have. This book reads extremely well, as the information it contains is concise and to the point. DFwOST is certainly a value and I can see myself returning to it in the coming months.

As far as the content of the book is concerned, the authors provide a wealth of knowledge covering the basics of digital forensics. The beginning chapter goes over what open source is and how it's going to relate to the book. The next chapter then discusses the differences in choosing a host operating system (mainly Windows vs Linux). Chapters 3 through 8 analyze varying topics of digital forensics like file system analysis, points of analysis for varying operating systems, Internet artifacts, and file analysis. These chapters hold a lot of information relating to the multiple points of interest in digital forensics, and while discussing the topics the authors provide the reader with examples of analysis with popular open source projects. The final chapter then offers the reader insight into how to utilize the various discussed tools with better efficiency, as well as the pros and cons of graphical user interfaces versus command line interfaces.

Overall, I feel like this is one of the best resources for learning about digital forensics because it provides great information along with practical knowledge of how to use the information. It's easy enough to follow along with the reading while testing these tools in your own test lab. The authors often provide easy-to-follow installation methods, which can be valuable when dealing with some open source projects. If you're looking to get into forensics more, or even just learn about current open source projects going on in the forensics world, I would recommend you go out and pick up this book. I feel like this book helped me take the knowledge I've learned from other books I've discussed in this blog and transform it into practical knowledge, as it's easy to get access to these tools and test them for myself without spending money (a plus for any college student).