Secure Reads: Real Digital Forensics

Read a review of the security book Real Digital Forensics.

This article can also be found in the Premium Editorial Download: Information Security magazine: Best-of-breed: Security Products of the Year: 2006:

Real Digital Forensics
By Keith J. Jones, Richard Bejtlich, Curtis W. Rose
Addison-Wesley, 650 pages, $49.99

If you watch even a little television, you know that forensics is a hip, sexy field. Real digital forensic investigations, however, are neither hip nor sexy; they are complicated and demanding. There is absolutely no substitute for experience, but experience is difficult to come by. Enter Real Digital Forensics, a fantastic book/DVD combo that shows you how to investigate a set of real-world cases under the guidance of its experienced authors.

Real Digital Forensics' hands-on focus makes it stand out. With five cases illustrating forensics techniques, the authors lead you through the investigative process, asking questions and then applying forensic processes to provide the answers. In addition to commercial products like EnCase and FTK, they also highlight many open-source tools such as libPST for e-mail recovery. The DVD includes copies of case data and most of the free software so readers can follow along.

Digital investigators must be familiar with a variety of data sources, and Real Digital Forensics doesn't skimp. The book covers standard hard drive forensics, the analysis of running systems, network forensics, Web browser session reconstruction and e-mail discovery. The authors give step-by-step examples of acquiring and analyzing data from USB keys and PDAs, which are common in the field but ignored by most other forensics books. The book manages to cover most of the important points; however, some emerging technologies, like cell phones, are ignored.

After the reader finishes the book and starts to implement what he's learned, however, some confusion can set in. The relevant examples are spread throughout the book, and there is no single reference that lists the required equipment and software. An appendix with a checklist of references would be a welcome addition to future editions.

Another slight problem stems from content: Real Digital Forensics is essentially a survey of topics, not an exhaustive reference work. While the techniques presented are clearly described and forensically sound, serious investigators will require more detail. The emphasis is on practical techniques; theory is often omitted. For example, forensic analysts should be conversant with the details of standard file systems like NTFS or ext2/3, but this information is absent.

Despite these minor flaws, Real Digital Forensics provides an excellent introduction to the forensic techniques used in corporations and courtrooms worldwide. If you're a beginner in the field, or if you want to expand your existing skill set, the book offers valuable expertise and hands-on experience that might otherwise not be easily available.

--David Bianco


Top Shelf
Visit SearchSecurity.com's Information Security Bookshelf for chapter downloads from these books and more.

Counter Hack Reloaded
By Ed Skoudis and Tom Liston
Prentice Hall

Intrusion Prevention Fundamentals
By Earl Carter and Jonathan Hogue
Cisco Press

The Definitive Guide to Security Inside the Perimeter
By Rebecca Herold
Realtimepublishers

The TCP/IP Guide
By Charles M. Kozierok
No Starch Press

Sarbanes-Oxley IT Compliance Using COBIT and Open Source Tools
By Christian Lahti, Roderick Peterson, Steve Lanza
Syngress

Web Feedback
Tell us what you think of our book reviews or the titles on our online bookshelf. Send your comments to feedback@infosecuritymag.com or enter your thoughts on SearchSecurity.com's Sound Off.


"[The Art of Deception] is the Bible on social engineering--and how to combat it--from the master of all social engineers, Kevin Mitnick. Anyone overseeing information security in a large organization will lose sleep when they realize how vulnerable they really are."
--Joel Dubin, CISSP, independent security consultant and the author of The Little Black Book of Computer Security.

For a sample chapter of this and other information security titles, visit www.infosecuritymag.com/bookshelf.

This was first published in February 2006
