|
 |
|
 |
 |
Computer Evidence: Collection and Preservation (Networking Series)
|
by Christopher LT Brown
Sales Rank: 170658
|
Discount: 46 %
List Price: $49.95
$32.97
At Amazon
|
|
Paperback: 416 pages
Publisher: Charles River Media; 1 edition October 3, 2005
Language: English
ISBN-10: 1584504056
ISBN-13: 978-1584504054
Product Dimensions:
9.1 x 7.2 x 1.1 inches
Shipping Weight: 1.8 pounds
Book Description
Computer Evidence: Collection and Preservation teaches law enforcement and computer forensics investigators how to identify, collect, and maintain digital artifacts to preserve their reliability for admission as evidence. The book focuses on collection and preservation because these two phases of computer forensics are the most critical to evidence acceptance, but are not thoroughly covered in text or courses. Throughout the book, a constant eye is kept on evidence dynamics and the impact investigators can have on data integrity while collecting evidence. The simple act of a computer forensics investigator shutting down a suspect's computer changes the state of the computer as well as many of its files, so a good understanding of evidence dynamics is essential when doing computer forensics work. Broken up into five parts, Computer Forensics & Evidence Dynamics, Information Systems, Data Storage Systems & Media, Artifact Collection, and Archiving & Maintaining Evidence, the book places specific focus on how investigators and their tools are interacting with digital evidence. By reading and using this task-oriented guide, computer forensics investigators will be able to ensure case integrity during the most crucial phases of the computer forensics process.
About The Author
Christopher L.T. Brown (Coronado, CA) is the founder and CTO of Technology Pathways LLC, a provider of computer security tools and services for the corporate IT, government, and legal communities. He has over 20 years of experience in computer security and holds numerous career certifications from UCSD, (ISC)2, Microsoft, CISCO, CompTIA, and CITRIX including a CISSP certification. He is an author of Building an Intranet with Windows NT 4 and Web Site Construction Kit for Windows NT and has spoken at numerous conferences around the globe on the subject of computer forensics.
Customer Reviews & Comments
It seems that a lot of books on forensics concentrate on making a disk image of the hard drive being examined, filtering the information on the disk, and presenting it in proper format for court use. However, collecting and preserving the evidence is much more than imaging the hard disk. If the computer is still on then evidence may be in memory, potential evidence may be on routers, proxy servers, etc. This book details this part of forensic evidence gathering, an area often just skimmed over in other computer forensics texts. This is a critical aspect of investigation because it does not matter how well your filtering works and how much evidence you obtain if your data preservation was not done correctly and the evidence is inadmissible in court. Evidence dynamics is covered in detail and the author does a better job of this than any other forensics book I have read. Evidence dynamics is how to keep the evidence from disappearing or changing. Just the act of shutting down a computer changes temporary files, open processes, swap file information, and many other items that may be necessary for a thorough investigation. Even the appendixes are valuable and contain several excellent sample forms including chain of custody, evidence collection, and evidence access worksheets. If you are involved in either the collection or the maintenance of data for a potential court case then you will be interested in this book. Alternatively, if you are trying to discredit an expert witness then the information presented here may also provide areas of attack. Either way Computer Evidence Collection and Preservation is highly recommended.
Comment | Permalink |
(Report this)
|
Computer Evidence: Collection and Preservation (Networking Series)
List Price: $49.95
Discount: 46 %
Available from Amazon
Price: $32.97
| |
|
|
|
|
