Computer Forensics

At 703 pages, this is a voluminous work that attempts to cover all the basics of computer forensics and accomplishes that goal. The book does include a CD, but it is somewhat disappointing. It contains mostly demo programs that give you only a taste of the product and a few public domain tools that you are likely to have anyway if you do even a modicum of computer security work. The nicest thing about the CD is the inclusion of various checklists to help make sure you follow good forensic procedures. As such, the target audience for this book is people who need basic forensic skills and the knowledge to develop an IT security strategy.

The book starts with a solid overview of computer forensics technology and how the field has changed over the last several years. The author does a good job of covering computer evidence issues and the special issues associated with the Windows operating system. This introduction is followed by sections dealing with Internet security, intrusion detection, firewalls, storage area network security, disaster recovery, public key infrastructure security, wireless network security, satellite encryption, instant messenger, ID management, ID theft, biometrics, and homeland security.

The author also discusses several specific vendor tools that can be used, as well as policies that should be used to document and prosecute an attack. This section includes a discussion of appropriate incident responses, evidence collection, forensic analysis, expert witnessing, forensic litigation, and insurance support. While the book provides an excellent base of knowledge in the area of evidence collection, the reader should also be aware that the legal and technical environment changes quickly.

If you believe your computer has been attacked, or otherwise need to prove something did or did not occur, this book's shining point is the excellent job it does on evidence collection and preservation. This is an area where many business owners and technical users get into trouble. Incorrectly checking the system for signs of the attack or other illegal information often makes the data unusable in a court of law. You must follow specific procedures to protect the original evidence and work on a copy. All the details of the correct procedure are presented clearly in this book. Computer Forensics is highly recommended.

Author: John R. Vacca
Publisher: Charles River Media, Inc.
10 Downer Ave
Hingham, MA 02043
Copyright: 2005
ISBN: 1584503890
Pages: 703 plus multiple appendixes, glossary, and index