Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > REVIEW: "Guide to Computer Forensics and Investigations", Bill Nelson et al

Thread Tools

REVIEW: "Guide to Computer Forensics and Investigations", Bill Nelson et al

Robert Michael Slade
Posts: n/a

"Guide to Computer Forensics and Investigations", Bill Nelson et al,
2004, 0-619-13120-9
%A Bill Nelson
%A Amelia Phillips
%A Frank Enfinger
%A Chris Steuart
%C 25 Thomson Place, Boston, MA 02210
%D 2004
%G 0-619-13120-9
%I Thomson Learning Inc.
%O Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P 689 p. + CD-ROM
%T "Guide to Computer Forensics and Investigations"

The preface states that the book is intended for newcomers to computer
forensics that have a basic background in computers and networking.
There is mention of instructor material on the CD-ROM, but no other
direction in regard to use as a course text.

Chapter one purports to provide an overview of the computer forensics
profession. It jumps, seemingly without structure, from topic to
topic, never providing solid information about much of anything. The
progress and process of computer investigations is the topic of
chapter two, but the material ranges between the uselessly vague
(brief mentions of important concepts such as chain of
evidence/custody, with no discussion of why they are vital) and the
uselessly specific (six pages of instruction on how to make a Windows
98 system boot to DOS). The content also relies heavily upon the
assumption that the reader will have a certain suite of commercial
forensics tools from a particular company. (It also seems to feel
that the reader will never need to examine systems other than DOS,
Windows 98, FAT12, and floppy disks.) DOS and Windows file systems
(including NTFS) are reviewed in chapter four, although the level of
detail provided is very inconsistent (eight pages of information on
DOS batch files, and only four pages to describe the entire NTFS disk
structure). Illustrations are less than helpful, particularly in
regard to labelling, and the use of terminology in non-standard ways
can lead to confusion. (In this book, "file slack" refers to what is
otherwise simply known as unused or unallocated space.) Basically,
the material is simplistic and unlikely to be needed by most people
with an intermediate level of computer knowledge, while at the same
time being incomplete, and probably not of any assistance to someone
actually looking at disk sectors. The material on Macintosh and Linux
systems, in chapter four, is similar.

Most of the material in chapter five, on a forensics lab and office,
is generic advice on either computer requirements or forensics (but
non-computer) labs. Chapter six lists an apparently random collection
of forensics tools. Rules of evidence (American) and a brief
description of one program for hash calculation are in chapter seven.
Chapter eight talks about processing the crime scene: the text ranges
from the vague (identifying the computer) to the bizarre (HAZMAT
suits). Some of the aforementioned commercial programs used in data
acquisition are outlined in chapter nine while the analytical tools
are depicted in chapter ten.

Chapter eleven, on email, does show how to read headers in more than
one mail user agent program, and mentions the log files on a couple of
mail servers. Some random notes on graphics files, and, as in the
rest of the book, lots of verbiage for not much information, is in
chapter twelve. The advice on preparing reports, in chapter thirteen,
is banal and has little bearing on forensics. Chapter fourteen, on
expert witness, does not deal with the requirements for establishing
that status, nor the restrictions on opinion in some cases.

As far as computer forensics goes, the foundation provided in this
work is far from solid. It mentions the basic topics, but fails to
provide much in the way of resources for proceeding with the
profession. The material provided is excessively wordy, and the
structure is often jumpy and unhelpful. Extensive sections have been
added that will be of little use to anyone other than a computer
novice, seemingly only in an attempt to pad the length of the book. I
would have trouble recommending this text to any audience.

copyright Robert M. Slade, 2005 BKGTCFAI.RVW 20050801

-- Removed) (E-Mail Removed) (E-Mail Removed)
Find virus, book info
Mirrored at
Review mailing list: send mail to (E-Mail Removed)
"Robert Slade's Guide to Computer Viruses" 0-387-94663-2
"Viruses Revealed" 0-07-213090-3
"Software Forensics" 0-07-142804-6
Reply With Quote

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Encase 4.20 (the premier computer forensics tool) Posted nemo outis Computer Security 130 06-15-2009 10:07 PM
GS 14/15 Branch Chief Computer Forensics job opening in Johnstown, PA pndfam05 Computer Security 1 07-20-2006 12:46 AM
New Review - Incident Response & Computer Forensics Second Edition Lord Shaolin Computer Security 4 10-27-2003 01:03 AM
Any Nelson IT programmers out there ? John Doe NZ Computing 1 09-11-2003 01:40 PM
REVIEW: "Computer and Intrusion Forensics", George Mohay et al Rob Slade, doting grandpa of Ryan and Trevor Computer Security 0 07-15-2003 02:49 PM