The Virtual Bookcase for browsing and sharing reviews of books. New to this site? Read the welcome page first.

The Virtual Bookcase Home
Recent reviews
Collected book news
Welcome to this site
Add your own book

Book details of 'Real Digital Forensics : Computer Security and Incident Response'

Cover of Real Digital Forensics : Computer Security and Incident Response
TitleReal Digital Forensics : Computer Security and Incident Response
Author(s)Keith J. Jones
ISBN0321240693
LanguageEnglish
PublishedSeptember 2005
PublisherAddison-Wesley Professional
Web links for this book
Search at Bookcrossing.com
Wikipedia booksources
Shop for this book
At Amazon.com
At Amazon.co.uk

Back to shelf Computer security
Amazon.com info for Real Digital Forensics : Computer Security and Incident Response

Score:

Vote for this book

The Virtual Bookcase Reviews of 'Real Digital Forensics : Computer Security and Incident Response':

Reviewer Rob Slade wrote:
Some forensics books provide a CD-ROM with (usually demo) versions of computer forensic software. This one provides a DVD of log and other forensic data, and points the reader to sites for open source tools that can be used to explore it. Six "case studies," of fictitious situations, have been provided, and are referred to at different times and places within the book. Part one ostensibly looks at response to an incident in real time. Chapter one outlines tools that can be used for data capture and analysis of various types on a Windows computer (associated with the first "case"). There is rather limited explanation of the choices and decisions involved (the authors make frequent mention that topics are "beyond the scope" of this book and that the reader should go and get their other works), and it is not always easy to follow the structure that the authors may have intended, but the material should be reasonable enough for the dedicated reader to work through. A duplicate situation, with a UNIX system, is presented in chapter two. Part two concentrates on network-based forensics, although a number of activities in the first division related to the network as well. Chapter three, almost irritatingly simplistic after the "jump in and swim" approach in the first two, lists some tools for collecting network data and evidence. Analysis of the data is outlined in chapter four (for Windows) and five (for UNIX). Again, the resulting listings can make for annoying reading: the authors will frequently note that a page or two of densely packed and impenetrable figures demonstrate a certain conclusion, but they do not always say why. Part three examines forensic copying or duplication of systems. Chapter six covers some basic, and some oddball, points and suggestions. A few commercial (in chapter seven) and non-commercial (in chapter eight) data duplication tools are presented. Forensics analysis techniques get some discussion in part four. Chapter nine uses various tools to try and access disk images or deleted files. Tools for reconstructing Web browsing activity are listed in chapter ten, while email is scrutinized in chapter eleven. The Registry gets special attention in chapter twelve. Analysis of two Linux executable files is attempted in chapters thirteen (a known file) and fourteen (unknown). Chapter fifteen combines both in looking at Windows programs, but uses the Cygwin system to utilize UNIX-like tools. Part five purportedly discusses the creation of a complete forensic toolkit. However, chapter sixteen just lists a few tools, and seventeen suggests making your CD of utilities bootable via the Knoppix distribution. Part six reviews mobile device forensics. Chapter eighteen notes some tools for accessing PDAs (Personal Digital Assistants). Mounting USB (Universal Serial Bus) devices on Linux is covered briefly in chapter nineteen, while analyzing the data, in chapter twenty, is pretty much the same as any other filesystem. Part seven looks at online-based forensics (rather begging the question of what the difference is between "online" and "network"). Chapter twenty-one outlines the tracing of email that has been sent via Webmail services. Programs, mostly in Perl and SQL, for searching Verisign's database of top-level domain ownership, are "listed" in twenty-two. This work has a lot of useful information, but as an overall guide is woefully incomplete. I know that sounds like a contradiction, but it remains true. For those who want to get involved with digital forensics, there are useful pointers to tools, and some sets of data to play with, and these items are missing from most other forensics texts. For those who need to know how to actually approach an investigation of a computer or an intrusion into a system, there are huge gaps in the coverage this work provides. copyright Robert M. Slade, 2005
Add my review for Real Digital Forensics : Computer Security and Incident Response
Search The Virtual Bookcase

Enter a title word, author name or ISBN.

The shelves in The Virtual Bookcase

Arts and architecture (25)
Biography (24)
Business and Management (119)
Cars and driving (53)
Cartoons (45)
Children's books (179)
Computer (475)
Computer history/fun (111)
Computer networks (382)
Computer programming (215)
Computer security (269)
Cook books (89)
Fantasy (154)
Fiction (446)
Health and body (70)
History (135)
Hobby (37)
Horror (65)
Humorous books (52)
Literature (57)
Operating systems (94)
Outdoor camping (162)
Outdoors (236)
Politics (83)
Privacy (61)
Psychology (55)
Religion (17)
Science (113)
Science Fiction (156)
Self-help books (55)
Technology (12)
Travel guides (307)
War and weapons (29)
World Wide Web (211)
Zen (5)
Other books (88)
Mailing list
Subscribe to booktalk, the discussion list about books at The Virtual Bookcase.
Enter your e-mail address to subscribe (you will receive an e-mail to confirm your subscription):
The Virtual Bookcase is created and maintained by Koos van den Hout. Contact e-mail webmaster@virtualbookcase.com.
Site credits
Copyright © 2000-2008 Koos van den Hout / The Virtual Bookcase Copyright and privacy statement