BOOK REVIEWS

Real Digital Forensics: Computer Security and Incident Response
Authors: Keith J Jones, Richard Bejtlich, Curtis W Rose
Publisher: Addison-Wesley
Date of Publication: 3 October 2005
ISBN-13: 978-0-321-24069-9
List Price: £35.90 (UK), $59.99 (USA)
Reviewer: Chris Bilger

Although “Real Digital Forensics: Computer Security and Incident Response” was published as long ago as 2005, it still provides a solid all-round introduction to IT forensics. (A new edition entitled “Real Digital Forensics 2” is planned for mid-2010.) Weighing in at 688 pages, this book covers Windows, Unix and Linux and explains digital forensics from the perspectives of incident response and case law. It also discusses in depth a number of commercial and open source tools used to perform forensic analysis. The DVD which accompanies the book contains several sets of sample intrusion data generated by attacking live systems, and is extremely useful for practice forensic examinations.

The first section, Live Incident Response, shows how to carry out an incident response process on Windows and Unix platforms. It covers the types of information to collect from a machine, what to look for, and why this information is important in determining that an attacker has compromised a resource.

The next part, Network-Based Forensics, looks into the different kinds of data that can be collected on a network. It examines how to use each type of data in a forensic examination, and describes the tools used to capture different kinds of data. As before, specific details are given on analysing evidence on different operating systems.

The third part, Acquiring a Forensic Duplication, is devoted to creating a sound forensic image. It is important that suitable guidelines are followed so the process of creating an image will hold up in a court of law. This is done by following appropriate procedures and using write blocking tools. Detailed information is provided on creating images with commercial and open source products.

Part four, Forensic Analysis Techniques, is the longest section of the book. It covers a myriad of techniques that can be used to squeeze the last drop of useful information from data. The topics include:

• Recovering deleted files
• Electronic discovery
• Reconstructing web browsing and email activity
• Windows registry reconstruction
• Analysis of different forensic tool sets for Windows and Unix/Linux
• Analysing unknown files.

These chapters provide the critical information that is needed for most forensic examinations.

Part five, Creating a Complete Forensic Toolkit, deals with tools for Windows and Unix/Linux and how to create a robust toolkit that will aid a forensic investigator during examinations. It shows how to make sure the tools that are used do not alter information on the host system. Additional information is given on how to make a bootable Linux distribution that includes the tools.

The sixth section, Mobile Forensics, discusses forensics as applied to mobile devices. It covers multiple tools that can be used for forensic analysis of a Personal Digital Assistant (PDA). Chapters are devoted to creating duplications of USB devices and compact flash cards and the analysis of these devices.

The last section of the book, Online-Based Forensics, looks into popular on-line email sites and how to track emails sent through these services. It also investigates ways to determine domain name ownership. There is an appendix that introduces the Perl scripting language, which can be useful for sorting through large amounts of data.

This book is easy to read and comprehend, and its authors have an abundance of experience in the field of forensics and incident response. Keith Jones has been an expert witness on several cases. Richard Bejtlich is Director of Incident Response at the General Electric Company and author of the TaoSecurity blog; he has written and contributed to a number of other books on IT security (Extrusion Detection: Security Monitoring for Internal Intrusions, The Tao of Network Security Monitoring: Beyond Intrusion Detection…). Curtis Rose has 18 years of experience in computer forensics and Information Security, and leads teams that conduct computer examinations.
48 Digital / ForensicS