The mightiest fortresses in the world can fail, and when that happens all you can do (you being the person responsible for castle security) is figure out what went wrong, what damage was done, and by whom. If the castle was located in the right kind of kingdom--to take a metaphor too far--you can hope to prosecute the perpetrator. Computer Forensics: Computer Crime Scene Investigation explains how to gather evidence of computer crimes in such a way that it will be more likely to lead to a conviction in a criminal court. It's an interesting legal area--after all, it's almost always you, and not any law enforcement agency doing the surveillance and evidence-gathering on your computer systems--and John Vacca has done a fair bit of research. This book will probably expand your thinking on the subject of information security.
On the other hand, though Vacca gives good general advice (don't lose volatile information by shutting a compromised machine down midattack; do be prepared to translate memory dumps into jury-readable form), he sometimes meanders into generalizations and irrelevancies. The fact that terrorists distribute their plans via public Web sites is certainly scary, but hardly helpful to someone wanting to prosecute the guy who vandalized the corporate Web site. Similarly interesting, but practically irrelevant to most of us, are discussions of high-energy radio frequency (HERF) and electromagnetic pulse (EMP) weapons that can knock out information systems from a distance. More focus on evidence collection in organizational computing environments would make this book useful, rather than just generally informative. --David Wall
Topics covered: How to gather evidence of a hack attack after the fact, and a lot of general-interest information on the state of crime and law enforcement in computer technology. Coverage is almost all general in nature, dealing with how to formulate a strategy and deal with events without getting into details of any operating system or computing environment.
Terrorist attacks are no longer relegated to airports and federal buildings. Using personal computers as their weapons, hackers and criminals (some only 11 years old) have attacked the Internet, government agencies, financial companies, small businesses, and credit card accounts of unsuspecting individuals. This book/CD package provides a complete overview of computer forensics from its definition to "crime scene investigation," seizure of data, determining the "fingerprints" of the crime, and tracking down the criminal. The book focuses on "solving the crime" rather than information security.
* Comprehensive overview of the subject from definitions to data recovery techniques to auditing methods to terrorist cyber-attacks
* Case studies and vignettes of actual computer crimes
* Selected Topics: Computer Forensics Fundamentals; Data Recovery; Evidence Collection And Data Seizure; Duplication And Preservation Of Digital Evidence; Electronic Evidence Reconstructing Past Events; Deterrence through Attacker ID; Destruction of e-mail; Is the US Government Prepared for Information Warfare; The Dark World of the Cyber Underground; Protection against Random Terrorist Information Warfare Tactics; The Cyber Foot Print and Criminal Tacking; The Individual Exposed; Case Studies and Vignettes
* CD includes tools, presentations, and demos of the latest computer forensics software, including partition images from The Forensic Challenge