Dominant Systems - Michigan Network Solutions Provider

Digital Forensics for Network, Internet, and Cloud Computing: A Forensic Evidence Guide...
by Terrence V. Lillard
Sales Rank: 522066
List Price: $69.95
$63.20
At Amazon

  • Paperback: 368 pages
  • Publisher: Syngress; 1 edition June 16, 2010
  • Language: English
  • ISBN-10: 9781597495370
  • ISBN-13: 978-1597495370
  • ASIN: 1597495379
  • Product Dimensions: 9 x 7.5 x 1 inches
  • Shipping Weight: 1.4 pounds


    Review


    "Syngress [is] by far the best publisher of digital forensics and general security books... I would strongly recommend that you read Digital Forensics for Network, Internet and Cloud Computing... as this book really does cover a plethora of issues that we'll all have to face, maybe sooner than we think." -Tony Campbell, Publisher, Digital Forensics Magazine


    Customer Reviews & Comments
    Digital Forensics for Network, Internet, and Cloud Computing (DFFNIACC) is one of the worst books I've read in the last few years. You may wonder why I bothered reading a two star book. Blame a flight from the east coast to Las Vegas and not much else to read during those five hours! DFFNIACC is a jumbled collection of incoherent thoughts, loosely bound by the idea of "forensics" but clearly not subjected to any real planning or oversight. This book is very similar to the Syngress book "Botnets" which I gave 2 stars in 2008, and as you might expect features one of the same authors. Save your money and skip DFFNIACC; only the chapter on NetFlow and another offering a general overview of NetWitness are worth reading.

    DFFNIACC features all the worst qualities one sometimes finds in Syngress books: nonexistent copyediting, haphazard assortments of uncoordinated chapters from multiple authors, worthless filler chapters, and a lack of focus. I am convinced that no one read this book, or even a rough outline, and asked "what are you talking about?" For example, chapter 1 (the only section in "Part I: Introduction") is titled "What is network forensics?" but the chapter is all about "the Cloud." What? Similarly, Part VI, "The Future of Network Forensics," features two chapters -- "The Future of Cloud Computing" and "The Future of Network Forensics." Again, what is this obsession with "Cloud" and network forensics? I am fully aware of cloud providers who successfully use network forensics in certain circumstances, but network forensics is not some special approach designed for clouds.

    On the "filler" topic, chapter 4 is a waste of 16 pages. Can anyone explain why the reader needs an overview of TCP headers, but no other aspects of network traffic? The following chapter, called "Using Snort for Network-Based Forensics," is worthless. The reader sees 19 pages yet no example output.

    Elsewhere, I question the author's technical awareness. For example, p 25 says "The Advanced Packaging Tool apt-get utility can be used to retrieve and install tcpdump in most Unix implementations." Maybe that's true for Debian-based Linux operating systems, but I don't see too many Unix admins using Apt elsewhere. On p 35 the author says, while discussing recommended snap lengths for capture, "If you are interested in DNS data, you should set s = 4096 or greater." Why? On p 28 the author writes that the -w option for tcpdump "writes the results to file. This could also be accomplished by IO redirection at the command line." No, if you use "IO redirection" you're going to write a text-based representation of traffic to disk, not the libpcap format version of network traffic enabled by -w.

    I unfortunately found other sections to be just annoying. Several times in the book the author mentions "our ISP" and "Portland State University." This is supposed to be important, because...? These chapters required a copyeditor to sit down with the author and ask "how do you think a reader is supposed to make sense of this material?" Regarding figures in the book, multiple diagrams (2-16, 3-17, etc.) are completely unreadable. Others are fuzzy, show text far too small, or otherwise add nothing. The book probably introduces three or more competing "models" or discussions of detection and response, clearly reflecting the multiple authors. Why didn't they collaborate on one section? Finally, I was very annoyed to see on p 306 the author clearly paraphrase work I had done on the four forms of Network Security Monitoring data. Unfortunately, despite citing other authors, they ignore my work and don't even really understand what they're talking about.

    The only bright spot in this book is chapter 6, and that is because it covers NetFlow v9. Most books on NetFlow don't cover v9, so I liked seeing at least some coverage. The chapter was fairly well written as well. In short, skip DFFNIACC. It's as bad as "Botnets." I want several hours of my life back.


    Copyright © 2011, Dominant Systems Corporation
