The Virtual Bookcase for browsing and sharing reviews of books.


Book details of 'Computer Evidence: Collection and Preservation'

Title: Computer Evidence: Collection and Preservation
Author(s): Christopher LT Brown
Published: June 2009
Publisher: Charles River Media

Score: 3.4 ***--

The Virtual Bookcase Reviews of 'Computer Evidence: Collection and Preservation':

Reviewer Koos van den Hout wrote:
In more and more cases, computers are involved in crimes or abuse as a means or a target. Investigating computer evidence is a brand new area of research with lots of different opinions and lots of ways in which things can go wrong. This book tries to help potential computer investigators to find their way in the enormous amount of information there is on the subject and to get started with proper tools. This book is a good start for anyone who needs a crash course on the subject, although it's better to read it when you don't need to research a case in one hour.

Chapter 1, the introduction, gives the reader a good start and notes a few common pitfalls. Chapter 2, the legal part, is in my opinion a bit early in the book and may fend off a technical reader, but it is oh so important to be aware of the legal status of investigations. Here the book does show a very America-centric approach to the subject: appropriate US laws are explained but international law is barely mentioned. Chapter 3 on evidence dynamics handles a very important part of collecting computer evidence, dealing with the fact that computers change state constantly and that trying to collect evidence on a computer also changes its state. The big discussion whether to collect disk images from the running system or from a shutdown or frozen system is also described. Chapter 4, information gathering, lists methods of cataloguing computer systems, network components and other devices which may be involved or linked. Chapter 5 on network architecture explains modern networks. Chapter 6 on volatile data explains how gathering computer evidence has specific problems with regard to data of a volatile nature and suggests approaches in dealing with these problems. Chapter 7 on disk technologies explains the long-term storage found in modern computers. Chapter 8 on SAN, NAS and RAID explains how modern networked and remote storage offers new challenges to computer evidence gathering and at the same time can make it easier to image disks from a storage network. Chapter 9 on removable media explains everything from the tape drive via the floppy drive to modern flash memory which can have really small form factors.

Chapter 10 on tools, preparation and documentation of artifact collection helps the computer evidence gatherer in how to prepare and perform this task in the best possible way. Chapter 11 on volatile data collection delves into the tools and methods for gathering volatile data. Chapter 12 on imaging methodologies explains hardware and software for disk imaging. Chapter 13 on large system collection explains the specific problems when dealing with large (amounts of) computer systems involved. Chapter 14 on personal portable devices goes into the specific problems of evidence contained on modern cell-phones, personal digital assistants and other small form-factor devices which are by themselves also complete computers but require specific knowledge and procedures. Chapter 15 describes the forensic workstation, how to set it up, what to prepare and what to bring. Chapter 16 describes how to set up a complete computer forensics lab with special networks to separate 'investigating' and 'administrative' traffic. Chapter 17 describes the options for further study into this field.

Although the overviews of relevant laws and law enforcement related to computer crime are very US-centric, the rest of this book is a very good primer on the subject. And even with a very volatile subject like this the author has done a great job in being very up to date with developments, and notes where things change so rapidly the reader should just look up the latest information on the web. I can recommend this book to anyone active or interested in the field of modern computer security.

Book description:

As computers and data systems continue to evolve, they expand into every facet of our personal and business lives. Never before has our society been so information and technology driven. Because computers, data communications, and data storage devices have become ubiquitous, few crimes or civil disputes do not involve them in some way. This book teaches law enforcement, system administrators, information technology security professionals, legal professionals, and students of computer forensics how to identify, collect, and maintain digital artifacts to preserve their reliability for admission as evidence. It has been updated to take into account changes in federal rules of evidence and case law that directly address digital evidence, as well as to expand upon portable device collection.

The Virtual Bookcase is created and maintained by Koos van den Hout.
Copyright © 2000-2020 Koos van den Hout / The Virtual Bookcase