REVIEW: "Computer and Intrusion Forensics", George Mohay et al

Discussion in 'Computer Security' started by Rob Slade, doting grandpa of Ryan and Trevor, Jul 15, 2003.

    BKCMINFO.RVW 20030605

    "Computer and Intrusion Forensics", George Mohay et al, 2003,
    1-58053-369-8, U$79.00
    %A George Mohay
    %A Alison Anderson
    %A Byron Collie
    %A Olivier de Vel
    %A Rodney McKemmish
    %C 685 Canton St., Norwood, MA 02062
    %D 2003
    %G 1-58053-369-8
    %I Artech House/Horizon
    %O U$79.00 800-225-9977 fax: +1-617-769-6334
    %O http://www.amazon.com/exec/obidos/ASIN/1580533698/robsladesinterne
    http://www.amazon.co.uk/exec/obidos/ASIN/1580533698/robsladesinte-21
    %O http://www.amazon.ca/exec/obidos/ASIN/1580533698/robsladesin03-20
    %P 395 p.
    %T "Computer and Intrusion Forensics"

    The traditional data recovery aspect of computer forensics has been
    covered by Kruse and Heiser in "Computer Forensics" (cf.
    BKCMPFRN.RVW), and by Caloyannides in "Computer Forensics and Privacy"
    (cf. BKCMFRPR.RVW) (and somewhat less ably by Casey [cf.
    BKCMCRIN.RVW], Kovacich and Boni [cf. BKHTCRIH.RVW], Icove, Seger, and
    VonStorch [cf. BKCMPCRM.RVW], Marcella and Greenfield [cf.
    BKCYBFOR.RVW], van Wyk and Forno [cf. BKINCRES.RVW], and Mandia and
    Prosise [cf. BKINCDRS.RVW]).

    So far network forensics has only been specifically dealt with in the
    not-terribly-useful "Hacker's Challenge," by Schiffman (cf.
    BKHKRCHL.RVW).

    "Computer and Intrusion Forensics" is the first attempt to bring both
    topics into a single book. (It is intriguing to note that Eugene
    Spafford, who wrote the foreword, is a pioneer of the "third leg":
    software forensics, which the book does not cover.)

    Chapter one is an introduction to computer and network (intrusion)
    forensics, pointing out the ways that computers can be involved in the
    commission of crimes and the requirements for obtaining and preserving
    evidence in such cases. While the material provides a good
    foundation, the text is inflated in many places, and could benefit
    from stricter adherence to the topic and more focused writing. (One
    illustration shows a pattern of concentric rings indicating that the
    set of productive activities encompasses all legal endeavors which, in
    turn, encompasses all approved actions. I suspect that a great many
    legal and even approved activities are unproductive--while no doubt a
    number of illegal activities would be approved, at times.) "Current
    Practice," in chapter two, is a broad overview of the concerns,
    technologies, applications, procedures, and legislation bearing on
    digital evidence recovery from computers. In fact, this single
    chapter is the equivalent of, and sometimes superior to, a number of
    the computer forensics books mentioned above. However, the breadth of
    the discussion does come at the expense of depth. This content is
    quite suitable for the information security, or even legal,
    professional who needs to understand the field of computer forensics,
    but it does not have the detail that a practitioner may require.
    Although chapter three is supposed to deal with computer forensics in
    law enforcement (and there is a brief section on the rules of
    evidence), it is primarily a reiteration (and some expansion) of the
    procedures for data recovery and the software tools available for this
    task. Forensic accounting, and the algorithms that can be used to
    detect fraud, are outlined in chapter four, but very little is
    directly relevant to computer forensics as such. Case studies,
    demonstrating the techniques discussed earlier and some that are not,
    are described in chapter five. Intrusion forensics, in chapter six,
    concentrates on
    intrusion detection systems (IDS), although it does not provide a very
    clear or complete explanation of the distinctions in data collection
    (host- or network-based) or analysis engines (rule, signature,
    anomaly, or statistical). Chapter seven finishes off the book with a
    list of computer forensic research which is being, or should be,
    undertaken.

    While the computer forensic content is sound, and it is heartening to
    see other fields being included, the very limited work on network
    forensics is disappointing. This text is a useful reference for those
    needing background material on forensic technologies, but breaks no
    new ground.

    copyright Robert M. Slade, 2003 BKCMINFO.RVW 20030605

    --
    ======================

    "If you do buy a computer, don't turn it on." - Richards' 2nd Law
    ============= for back issues:
    [Base URL] site http://victoria.tc.ca/techrev/
    or mirror http://sun.soci.niu.edu/~rslade/
    CISSP refs: [Base URL]mnbksccd.htm
    Security Dict.: [Base URL]secgloss.htm
    Security Educ.: [Base URL]comseced.htm
    Book reviews: [Base URL]mnbk.htm
    [Base URL]review.htm
    Partial/recent: http://groups.yahoo.com/group/techbooks/
    Security Educ.: http://groups.yahoo.com/group/comseced/
    Review mailing list: send mail to
     
