BKCHTDFE.RVW 20080318

"Challenges to Digital Forensic Evidence", Fred Cohen, 2008, 1-878109-41-3, U$39.00
%A Fred Cohen
%C 572 Leona Dr, Livermore, CA 94550
%D 2008
%G 1-878109-41-3
%I Fred Cohen and Associates
%O U$39.00 925-454-0171 all.net
%O http://www.amazon.com/exec/obidos/ASIN/1878109413/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/1878109413/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/1878109413/robsladesin03-20
%O Audience s+ Tech 2 Writing 2 (see revfaq.htm for explanation)
%P 122 p.
%T "Challenges to Digital Forensic Evidence"

Fred Cohen knows his stuff when it comes to digital forensics, despite the fun he has with legalities in the frontmatter of this book. Cohen states, in chapter one, that he wrote the book because of the mistakes he had seen people make when bringing technical materials into a legal setting. The work is a solid background for a forensic examiner, and covers a number of areas that are missed in most of the current literature on this topic. Forensics is more than simply getting bits out of a given operating filesystem.

Chapter two concentrates on the errors or problems that arise in the process of collecting evidence. Many computer forensics books list the sections that should be included in a written report, but this author provides, in chapter three, practical advice on both wording and approaches, including such aspects as the reporting of errors in previously submitted reports. Chapter four demonstrates difficult situations, some covered in prior chapters and some new, based on actual cases. Chapter five reiterates and emphasizes a point that Cohen raises frequently throughout the book: as an expert, you are working within, and subject to, an adversarial system and all its attendant limitations, but your primary responsibility is to the truth. Being honest in your work and statements is the basis for all of your testimony. As chapter six points out, it is also the best way to avoid being challenged.

There are many books that talk about forensic tools: this isn't one of them. There are a number of works that address specifics of file systems and storage devices: this isn't one of them. A few texts even address some aspects of the investigative process and management: Cohen addresses some of those issues. However, I have not seen any other guides that will tell you, clearly and plainly, how to avoid the most common failings of technical experts trying to provide evidence in a decidedly non-technical legal system.

copyright Robert M. Slade, 2008 BKCHTDFE.RVW 20080318