BKCMCRIN.RVW 20020315

"Handbook of Computer Crime Investigation", Eoghan Casey, 2002, 0-12-163103-6
%E Eoghan Casey
%C 525 B Street, Suite 1900, San Diego, CA 92101-4495
%D 2002
%G 0-12-163103-6
%I Academic Press/Academic Press Professional/Harcourt Brace
%O U$39.95 800-321-5068 fax: 619-699-6380 dtrujillo@acad.com
%P 448 p.
%T "Handbook of Computer Crime Investigation"

This book is hard to read. Not because of excessive technical rigour or depth: quite the opposite. The work lacks focus and direction, and appears to be a compilation of components without an assembly diagram. It's the type of material that might result from the "war stories" told around a security seminar, after the core curriculum had been taken away.

Chapter one is entitled "Introduction," but, other than a statement that the book is supposed to be a resource for forensic examiners who may have to deal with computerized systems, there is almost no declaration of what the volume is about. The remaining material in the chapter, while it does have an obvious relation to the act of obtaining evidence from computers, does not have any clear structure. The points asserted are good advice, but appear to be relatively random thoughts. The text is neither readable nor lucid: in places it seems more like a parody of obfuscated academic papers.

Chapter two is somewhat more understandable, offering an outline on how to prepare documentation for discovery. Unfortunately, while it does deal with some technical issues (original media is better than a bit-wise copy, which is better than a copy of a file), the material concentrates on lawyerly debates about what might be needed, and, after a great deal of verbiage, boils down to the recommendation to produce all possible documentation, but not too much. (Where the material does get technical it frequently goes too far, starting to deal with specific pieces of software, rather than concepts.)

Part one looks at tools in forensic computing. Unfortunately, to a greater or lesser extent, the four chapters each deal only with a single tool or vendor: EnCase, Cisco's NetFlow logs, Network Flight Recorder, and NTI.

Part two is entitled technology: it looks at operating systems, networks, and other system types. Chapter seven provides some details of the FAT (File Allocation Table) and NTFS (NT File System) structures, as well as print spool files. A miscellaneous collection of information about UNIX files is given in chapter eight. A similarly unstructured compilation is listed in chapter nine, which reviews network data. Wireless network analysis, in chapter ten, concentrates on cellular telephone systems, and really only throws out generic information about such setups. Chapter eleven's overview of embedded systems varies between a similar generality and unhelpful photographs of breadboarded circuits.

Part three provides three case studies. While interesting (parts of the third are especially amusing), they really don't provide much in the way of assistance to anyone having to perform investigations.

The authors and contributors seem to be much more involved in the law, and law enforcement, than in the technology of computer forensics. The book has no framework or structure within which to place the many details. Therefore, the material simply blends into a haze of trivia, rather than providing the promised handbook. For those seriously working in the field there are many helpful points of information, but organizing them is left as an exercise to the reader.

copyright Robert M. Slade, 2002