REVIEW: "Computer and Intrusion Forensics", George Mohay et al

Discussion in 'Computer Security' started by Rob Slade, doting grandpa of Ryan and Trevor, Jul 15, 2003.

    BKCMINFO.RVW 20030605

    "Computer and Intrusion Forensics", George Mohay et al, 2003,
    1-58053-369-8, U$79.00
    %A George Mohay
    %A Alison Anderson
    %A Byron Collie
    %A Olivier de Vel
    %A Rodney McKemmish
    %C 685 Canton St., Norwood, MA 02062
    %D 2003
    %G 1-58053-369-8
    %I Artech House/Horizon
    %O U$79.00 800-225-9977 fax: +1-617-769-6334
    %P 395 p.
    %T "Computer and Intrusion Forensics"

    The traditional data recovery aspect of computer forensics has been
    covered by Kruse and Heiser in "Computer Forensics" (cf.
    BKCMPFRN.RVW), and by Caloyannides in "Computer Forensics and Privacy"
    (cf. BKCMFRPR.RVW) (and somewhat less ably by Casey [cf.
    BKCMCRIN.RVW], Kovacich and Boni [cf. BKHTCRIH.RVW], Icove, Seger, and
    VonStorch [cf. BKCMPCRM.RVW], Marcella and Greenfield [cf.
    BKCYBFOR.RVW], van Wyk and Forno [cf. BKINCRES.RVW], and Mandia and
    Prosise [cf. BKINCDRS.RVW]).

    So far network forensics has only been specifically dealt with in the
    not-terribly-useful "Hacker's Challenge," by Schiffman (cf.

    "Computer and Intrusion Forensics" is the first attempt to bring both
    topics into a single book. (It is intriguing to note that Eugene
    Spafford, who wrote the foreword, is a pioneer of the "third leg":
    software forensics, which the book does not cover.)

    Chapter one is an introduction to computer and network (intrusion)
    forensics, pointing out the ways that computers can be involved in the
    commission of crimes and the requirements for obtaining and preserving
    evidence in such cases. While the material provides a good
    foundation, the text is inflated in many places, and could benefit
    from stricter adherence to the topic and more focused writing. (One
    illustration shows a pattern of concentric rings indicating that the
    set of productive activities encompasses all legal endeavors which, in
    turn, encompasses all approved actions. I suspect that a great many
    legal and even approved activities are unproductive--while no doubt a
    number of illegal activities would be approved, at times.) "Current
    Practice," in chapter two, is a broad overview of the concerns,
    technologies, applications, procedures, and legislation bearing on
    digital evidence recovery from computers. In fact, this single
    chapter is the equivalent of, and sometimes superior to, a number of
    the computer forensics books mentioned above. However, the breadth of
    the discussion does come at the expense of depth. This content is
    quite suitable for the information security, or even legal,
    professional who needs to understand the field of computer forensics,
    but it does not have the detail that a practitioner may require.
    Although chapter three is supposed to deal with computer forensics in
    law enforcement (and there is a brief section on the rules of
    evidence), it is primarily a reiteration (and some expansion) of the
    procedures for data recovery and the software tools available for this
    task. Forensic accounting, and the algorithms that can be used to
    detect fraud, are outlined in chapter four, but very little is
    directly relevant to computer forensics as such. Case studies,
    demonstrating the techniques discussed earlier and some that are not,
    are described in chapter five. Intrusion forensics concentrates on
    intrusion detection systems (IDS), although it does not provide a very
    clear or complete explanation of the distinctions in data collection
    (host- or network-based) or analysis engines (rule, signature,
    anomaly, or statistical). Chapter seven finishes off the book with a
    list of computer forensic research which is being, or should be,

    While the computer forensic content is sound, and it is heartening to
    see other fields being included, the very limited work on network
    forensics is disappointing. This text is a useful reference for those
    needing background material on forensic technologies, but breaks no
    new ground.

    copyright Robert M. Slade, 2003 BKCMINFO.RVW 20030605


    "If you do buy a computer, don't turn it on." - Richards' 2nd Law