This article can also be found in the Premium Editorial Download "Information Security magazine: Best-of-breed: Security Products of the Year: 2006."
Download it now to read this article plus other related content.
Real Digital Forensics
By Keith J. Jones, Richard Bejtlich, Curtis W. Rose
Addison-Wesley, 650 pages, $49.99
|Real Digital Forensics|
Real Digital Forensics' hands-on focus makes it stand out. With five cases illustrating forensics techniques, the authors lead you through the investigative process, asking questions and then applying forensic processes to provide the answers. In addition to commercial products like EnCase and FTK, they also highlight many open-source tools such as libPST for e-mail recovery. The DVD includes copies of case data and most of the free software so readers can follow along.
Digital investigators must be familiar with a variety of data sources, and Real Digital Forensics doesn't skimp. The book covers standard hard drive forensics, the analysis of running systems, network forensics, Web browser session reconstruction and e-mail discovery. The authors give step-by-step examples of acquiring and analyzing data from USB keys and PDAs, which are common in the field but ignored by most other forensics books. The book manages to cover most of the important points; however, some emerging technologies, like cell phones, are ignored.
After the reader finishes the book and starts to implement what he's learned, however, some confusion can set in. The relevant examples are spread throughout the book, and there is no single reference that lists the required equipment and software. An appendix with a checklist of references would be a welcome addition to future editions.
Another slight problem stems from content: Real Digital Forensics is essentially a survey of topics, not an exhaustive reference work. While the techniques presented are clearly described and forensically sound, serious investigators will require more detail. The emphasis is on practical techniques; theory is often omitted. For example, forensic analysts should be conversant with the details of standard file systems like NTFS or ext2/3, but this information is absent.
But, despite the minor flaws, Real Digital Forensics provides an excellent introduction to forensic techniques used in corporations and courtrooms world wide. If you're a beginner in the field, or if you want to expand your existing skill set, the book offers valuable expertise and hands-on experience that might otherwise not be easily available.
Visit SearchSecurity.com's Information Security Bookshelf for chapter downloads from these books and more.
Counter Hack Reloaded
By Ed Skoudis and Tom Liston
Intrusion Prevention Fundamentals
By Earl Carter and Jonathan Hogue
The Definitive Guide to Security Inside the Perimeter
By Rebecca Herold
The TCP/IP Guide
By Charles M. Kozierok
No Starch Press
Sarbanes-Oxley IT Compliance Using COBIT and Open Source Tools
By Christian Lahti, Roderick Peterson, Steve Lanza
Tell us what you think of our book reviews or the titles on our online bookshelf. Send your comments to firstname.lastname@example.org or enter your thoughts on SearchSecurity.com's Sound Off.
[The Art of Deception] is the Bible on social engineering--and how to combat it--from the master of all social engineers, Kevin Mitnick. Anyone overseeing information security in a large organization will lose sleep when they realize how vulnerable they really are."
--Joel Dubin, CISSP, independent security consultant and the author of The Little Black Book of Computer Security.
For a sample chapter of this and other information security titles, www.infosecuritymag.com/bookshelf.
This was first published in February 2006