CyberForensics: Understanding Information Security Investigations (Springer's Forensic...
by Jennifer Bayuk
Sales Rank: 206953
List Price: $189.00
$148.59
At Amazon

Hardcover: 167 pages
Publisher: Humana Press; 1st edition (September 9, 2010)
Language: English
ISBN-10: 9781607617716
ISBN-13: 978-1607617716
ASIN: 1607617714
Product Dimensions: 10.3 x 7.6 x 0.6 inches
Shipping Weight: 1.2 pounds
Product Description
This fascinating and highly topical subject has a history dating back to the secret world of 1970s Cold War espionage, when the US military and Central intelligence agencies, aided by the latest mainframe systems, were the first to use computer forensics techniques in counterintelligence. In the decades since, cybercrime has emerged from the obscurity of low-level prosecution evidence to become a serious cross-border crime issue, while cyberforensic investigators have moved on from drug, murder, and child pornography crimes that were facilitated by computers, and are now tackling headline-grabbing cyber bank robbery, identity theft, and corporate spying. With little consensus as yet on the qualifications required to become a cyberforensic investigator, Cyberforensics: Understanding Information Security Investigations assembles the varying perspectives of pioneers and key figures in the field. All the authors have more than 10 years’ experience in successfully investigating cybercrime, and some more than 20. Through real-life case studies the chapters introduce the reader to the field of cybersecurity, starting with corporate investigation, and progressing to analyze the issues in more detail. Taking us from accounting cyberforensics to unraveling the complexities of malware, the contributors explain the tools and techniques they use in a manner that allows us to map their methodology into a more generic understanding of what a cybersecurity investigation really is. Above all, Cyberforensics shows that there is a cohesive set of concepts that binds cybersecurity investigators to a shared vision. These core ideas are now gaining importance as a body of knowledge that cyberforensics professionals agree should be a prerequisite to the professional practice of information security.
Customer Reviews & Comments
CyberForensics: Understanding Information Security Investigations is a new book written by a cast of industry all-stars. The book takes a broad look at cyberforensics with various case studies. Each of the book's 10 chapters takes a different approach to the topic. The book is meant to be a source guide to the core ideas on cyberforensics.
The book notes that there is a cohesive set of concepts that binds cybersecurity investigators to a shared vision, of which it tries to be a source. But at 150 pages, while all of the chapters are well-written and enlightening, the book does not have the breadth and depth needed to be a single source of all things cyberforensics.
Jennifer Bayuk is the book's editor, who also wrote the introduction. Bayuk's introduction provides a historical background to the subject and puts things into context. The chapter uses a fantastic visual tool to explain the complete cyberforensic framework.
Chapter 2 is about the Complex World of Corporate CyberForensic Investigations, and does a good job of detailing the various elements involved in getting various corporate departments integrated during an investigation. IT in an enterprise setting is fraught with challenges. Performing a forensic investigation in enterprise IT is even more challenging. Often these groups have different agendas and react quite differently to a forensic event. The author uses the analogy of a puzzle, which can be complex to put together, but is challenging and necessary nonetheless.
Many of the chapters take a broader view of the topic, while others are quite detailed. Perhaps the best chapter in the book is chapter 6 - Analyzing Malicious Software from Lenny Zeltser. The chapter is an outgrowth of Zeltser's SANS Security 569 course on the topic. The chapter's use of a case study to detail the behavioral analysis of malicious code provides an excellent synopsis of how to analyze and debug malicious code.
Chapter 7 on Network Packet Forensics from Eddie Schwartz is another exceptional chapter that provides the reader with a walk-through of using various digital forensic inputs to solve an incident.
Chapter 10 on Cybercrime and Law Enforcement Cooperation is about how to interface with law enforcement during a cyberforensic investigation. This may be the Achilles heel of forensics: getting external cooperation is difficult at best, and often impossible. A recent example of this is a friend of mine who had detailed information about the source of the Stuxnet worm. He attempted to share the information with law enforcement without much success. The various organizations were not receptive to it and didn't take action on his well-researched claims.
The book is written for an experienced practitioner who wants an overview of current trends. This is not a "for dummies" type of book. Readers are expected to be comfortable with varied topics such as Wireshark packet capture, code analysis, investigations, and more. Those looking for an introduction to cyberforensics should definitely consider another title such as Computer Forensics for Dummies.
A problem with books of collaborations such as this is that they often lack a consistent stream of thought. This book suffers from that, but to a limited degree. It is impossible for ten different authors writing about the same subject not to have different styles. An example of that is the use of the spelling of both CyberForensics and Cyberforensics in the book.
At 150 pages, the book is a relatively quick initial read, and covers numerous interesting areas.
The only downside to the book is that it has a prohibitive list price of $189.00. A month after its release, that price may be the reason why it has an Amazon Bestsellers Rank of #1,399,835.
While the book has excellent content, its exorbitant price will simply ensure that its sales will be eclipsed by the Pocket Oxford Latin Dictionary, coming in way ahead with an Amazon Bestsellers Rank of 182,392.