Computer Forensics: Computer Crime Scene Investigation Second Edition

Computer Forensics: Computer Crime Scene Investigation Second Edition, by John R. Vacca, ISBN 1-58450-389-0

Reviewed by: Howard Carson, July 2005
Published by: Charles River Media
Requires: N/A
MSRP: US$49.95, CDN$64.95

There's an onslaught of crime taking place using computers as the weapons of choice. Hackers and criminals (some as young as 11 years old) attack government agencies, financial companies, small businesses, credit card accounts, databases and the Internet itself. So what's an innocent bystander to do? Well if you subscribe to some contemporary notions of consumer advocacy and consumer protection, you can start by declaring that anyone who is merely a bystander is definitely not innocent these days! In this day and age, tools and methods and attitudes exist which should encourage consumers of all types and abilities to don the armor needed to protect themselves from most personal information crimes. For those taking an even greater proactive approach to digital information crime, there is now an entire sphere of techniques and tools to investigate and analyze the kind of criminal behavior we fear the most: theft of our identities and reputations. If you're part of a corporate entity and your responsibilities include information security and the stability of your online presence, you too need factual and reliable reference material to help guide you and your staff through the shark infested waters of the digital information age. Ergo, you need an authoritative book to get started.

Computer Forensics: Computer Crime Scene Investigation Second Edition has been completely updated since the first edition. Although fundamental network and Internet technologies have changed very little over the past few years, the book nonetheless provides an enlightening overview of computer forensics, from information security issues to crime scene investigation, seizure of data, determining the 'fingerprints' of the crime, and tracking down the criminals. The companion CD-ROM contains demo versions of the latest computer forensics software—a nice touch (limited demos though they are), considering the fact that this sort of software is often hard to track down. Numerous exercises, case studies, and vignettes of actual crimes support the topics discussed in the text, attempting to provide readers with solutions to computer crime in the real world.

"S'nice," you might be saying to yourself right now, "but why the bleepin' heck should I trust any of the stuff in the book, and who on earth is author John R. Vacca anyway? We're talking major serious stuff here and trust—the kind of trust that has to walk hand-in-hand with any consideration related to personal and business information security—has to be built on a foundation of legitimate and successful experience, right?" S'okay though. Vacca has authored and published hundreds of articles and written over 35 books on computer-related topics, including Satellite Encryption (AP), Net Privacy (McGraw-Hill), and Electronic Commerce 3/E (CRM). From 1988-1995 he was the computer security official for NASA's Space Station and International Space Station programs. Currently, he's a privacy and security consultant for the Social Security Administration. The guy's got some game for sure.

Here are the key features of the book:

Comprehensive overview of the subject from information security issues to data recovery techniques to auditing methods to terrorist cyber-attacks
Evidence Identification and Checklist forms
Hands-on projects, exercises, and case studies for each chapter
CD includes tools, presentations, and demos of the latest computer forensics software
Selected Chapters include: Computer Forensics Fundamentals; Data Recovery; Evidence Collection and Data Seizure; Computer Image Verification; Duplication and Preservation of Digital Evidence; Electronic Evidence Reconstructing Past Events; Deterrence through Attacker ID; Destruction of e-mail; Networks; Protection against Random Terrorist Information Warfare Tactics; The Cyber Foot Print and Criminal Tracking; The Individual Exposed; Advanced Encryption & Hacking; Case Studies and Vignettes; Evidence Checklists and Forms

Computer Forensics: Computer Crime Scene Investigation is not just a large book about computer forensics (a complex, exacting and highly technical field). More than that, the book is a complete treatise on data security and data integrity, personal, business, military and intelligence cyber crime investigation, and additionally covers subjects such as covert data management and countermeasures. Essentially, the book is a highly detailed, imtermediate course on all of the foregoing. Combined with authoritative instructors and active field studies and test cases, there is no doubt that the book can be used as the basis for formally recognized courses in cyber forensics. Author John R. Vacca is certainly an established authority in any case.

The CD-ROM contains a healthy fistful of data recovery and forensic analysis tools as well as some other goodies. Among those goodies is a series of factual and informative documents authored by Computer Forensics Inc., full of high quality reference material including "Ten Steps to Successful Computer Discovery" and "Ten Ways to Torpedo Your Data Discovery Expert" among others. Great stuff. CY4OR Limited has contributed a wonderful (if definitively paranoid) piece called "Are You Sitting Next to a Criminal" which can also be found on the CD.

Cons: Not for the faint of heart. The first couple of sections in the book contain definitive explanations of a number of issues which should be of great value to general readers, but the majority of the book is quite technical in nature—not a "Con" strictly speaking, but rather a warning that the book does not make for casual reading. Vacca's writing style is effective enough, but I wished for a bit of judicious copy editing in a number of places in order to help less experienced readers through difficult explanations.

Pros: The forensics software demo versions supplied on the accompanying CD-ROM are fascinating. The book is a complete intermediate cyber forensics course, cyber crime history lesson and an authoritative overview of cyber forensics methodologies. The range of topics is huge and covers every commonly known area of cyber crime along with a number of lesser known, but no less important areas. IS/IT managers, information technology CEOs and other executives, small business owners and of course anyone studying cyber forensics at any level should take a long look at this book. Highly recommended.