BKSOCCFH.RVW   20060809

"Scene of the Cybercrime: Computer Forensics Handbook", Debra Littlejohn Shinder, 2002, 1-931836-65-5, U$59.95/C$92.95
%A   Debra Littlejohn Shinder debshinder@sceneofthecybercrime.com
%C   800 Hingham Street, Rockland, MA 02370
%D   2002
%E   Ed Tittel
%G   1-931836-65-5
%I   Syngress Media, Inc.
%O   U$59.95/C$92.95 781-681-5151 fax: 781-681-3585 amy@syngress.com
%O   http://www.amazon.com/exec/obidos/ASIN/1931836655/robsladesinterne
     http://www.amazon.co.uk/exec/obidos/ASIN/1931836655/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/1931836655/robsladesin03-20
%O   Audience n+ Tech 2 Writing 3 (see revfaq.htm for explanation)
%P   718 p.
%T   "Scene of the Cybercrime: Computer Forensics Handbook"

There are some good forensics books out there, but there are also a number of forensics titles that are nothing more than pamphlets suggesting that the reader get a copy of EnCase and fool around. Then there is this work. I'm not sure how I got a review book that is four years old, an eternity in the technical realm, and particularly in security. Astoundingly, Shinder produced a work that cut to the heart of the necessary concepts, without piling on technical trivia that would rapidly go out of date. This volume is as relevant and valuable today as it was when it came out.

The foreword notes that the author, herself from both a law enforcement and a technical background, found that most technical security people know little about law and legal procedures, and that law enforcement personnel know next to nothing about computer internals. She set herself to provide geek info to the cops and cop smarts to the geeks, and to compile a reference to other resources. She has produced an admirably valuable text.

Chapter one starts out with a bit of a slip, stating that cybercrime is a subcategory of computer crime, but then explains it in such a way as to be basically identical.
However, Shinder goes on to provide an excellent review of the problems in defining and categorizing cybercrime, jurisdictional issues, and the difficulties in building a team and infrastructure to fight cybercrime. A concise history of computer crime events and issues, and a review of common dangers, make up chapter two. (The material on high-speed Internet is somewhat dated, but the rest is excellent.) In other hands, chapter three's examination of the people involved in cybercrime would be a rehash of old "hacker" stereotypes. Instead, Shinder gives us criminal psychology, profiling (and counterexamples to the stereotypes), victimology, and the characteristics of a good investigator.

Chapter four looks into computer hardware basics. Techies will think it simplistic, but the content is pitched just right for computer neophytes who need the fundamental concepts and enough detail to step up to further studies. Some may think that the coverage of networking, in chapter five, spends too much time on analogue signalling and old LAN protocols, but you have to remember that digital forensic investigators are not called upon to use standard environments, but to assess the material found in arbitrary ones. The presentation of network intrusions and attacks, in chapter six, has a clear representation of the concepts, without deluging the reader with quickly dateable minutiae.

Chapter seven, turning to cybercrime prevention, presents general information security concepts, with a concentration on networks and cryptography. (As with many, Shinder seems to be fascinated with steganography out of all proportion to its importance.) Implementing system security, in chapter eight, is similar, but with greater emphasis on specific settings. (Although this is very helpful, particularly to the home user, it has limited application to forensics.) Chapter nine looks at cybercrime detection techniques, primarily audit information in its various forms.
The collection and preservation of digital evidence is an important and difficult task. Chapter ten does not go into the same level of detail as Michael A. Caloyannides' "Computer Forensics and Privacy" (cf. BKCMFRPR.RVW), "Computer and Intrusion Forensics" by Mohay et al. (cf. BKCMINFO.RVW), Kruse and Heiser's classic "Computer Forensics" (cf. BKCMPFRN.RVW), the somewhat challenging "Forensic Discovery" by Farmer and Venema (cf. BKFORDIS.RVW), and Brian Carrier's resourceful "File System Forensic Analysis" (cf. BKFSFRAN.RVW), but it presents a broad overview, and has good advice on evidence management and a useful list of resources. Legal systems, types of laws, jurisdictional issues, and the preparation of a case are covered in chapter eleven, which extends "A Guide to Forensic Testimony" by Smith and Bace (cf. BKGDFOTS.RVW).

For anyone just becoming involved in digital forensics, the book is an excellent introduction and overview of the field in its proper context. For those already involved, this manual is both a solid reminder of what needs to be taught to those becoming involved in computer forensics, and also a resource for a number of areas that the individual specialist may not cover every day. Despite the age of the work, in this fast-changing environment, Shinder has produced a text of classic depth and lasting value. (Hopefully Syngress will get her to produce updates on a regular basis.)

copyright Robert M. Slade, 2006