Rating:  Summary: Computer Forensics Review: "This is by far the most useful source of information on this subject -- clearly written, current, and technically insightful. I was impressed to see information not only about better-known programs, but also indispensable tools like Tom's Root & Boot."
Rating:  Summary: Good reference for computer forensics basics Review: A well-organized book that begins with a clear and precise explanation of the basics of computer forensics. Chapter 3 provides good technical information on storage media. And it goes on to forensics in Windows and Unix from Chapter 8 through Chapter 11. The section I like the most is Appendix A, which gives you comprehensive guidelines in dealing with incident response (a good sell to senior management). It is not a technical reference book but it is one of those "have-to-have" introduction books for anyone who is new in this field.
Rating:  Summary: A Much-Needed Primer Review: As a high-technology crimes prosecutor in Silicon Valley, I find this book is just what I've been waiting for. While not an exhaustive treatise on the minutiae of computer systems and forensic tools, the authors provide a comprehensive overview of investigative approaches, tools, and techniques desperately needed in the field. This book should be a must-read for investigators (public and private), attorneys, and system administrators, as well as corporate management responsible for overseeing either personnel or the security of network infrastructure and information assets. Both an excellent primer on the developing field of computer forensics and a good resource from which to launch more in-depth research into a specific area in the field. While many of the previous works in this field proved to be either uninformative cursory overviews or mind-numbing forays into the depths of the arcane, the authors have struck a good balance that makes for an enjoyable and informative read. Not the end-all, be-all of computer crime investigation, but a damn fine starting point.
Rating:  Summary: Easy-to-read and understandable style applied to complex issues. Review: As the title indicates, this text is one of the "essentials." When it comes to crimes committed with and by the computer, it is no easy task to train and relate the process. Kruse and Heiser, in clear, no-nonsense language, have relayed the complexities of forensic examination quite well. Computer Forensics is a fundamental guide that takes on the task of describing the process, details and intricacies, including the societal and legal aspects (a point often missed by technical writers). This is a must-read for technologists familiar with computer and network operations, but unfamiliar with computer crime issues. On the other side of the coin, a user new to this arena will benefit greatly from their start-to-finish approach in each chapter. This book is perfect for a classroom environment and as a reference work.
Rating:  Summary: Very complete. Review: This book presents, in very clear language, the essentials of searching for digital evidence. The cover is, moreover, very representative of the content, with forensic science, and in particular the branch relating to computers, taking on ever greater importance. Readers will find in the Guide du Cyberdétective, published by Editions Chiron, practical applications of these investigations in everyday life. The two works complement each other, although the latter currently exists only in French.
Rating:  Summary: Great for general computer forensics information Review: Computer Forensics: Incident Response Essentials is a great book for two groups of people:
1) All computer forensics investigators looking for a better description of the process of collecting and analyzing data. The book provides great descriptions of the methods for maintaining chain of custody and storage. This is done through the use of example forms and scenarios. Since evidence handling principles are easily overlooked, this book seeks to provide pragmatic techniques for proper evidence preservation.
2) Someone interested in learning what computer forensics is about. This book is great at providing a high-level description of what computer forensics is used for and how it works. The book does not go into intricate detail on any one software package. Instead, it provides you with a great overview description of numerous software packages and tools. By doing this, the reader can attain a better understanding of what value computer forensics can provide. Since the field is relatively new, it is important for people to understand what computer forensics is capable of.
I highly recommend this book if you are just getting into the field, or if you are tired of reading books that continually tout EnCase as the only solution. This book is a critical addition to any computer forensic investigator's library.
Rating:  Summary: An Intro to Computer Forensics. Review: Computer Forensics: Incident Response Essentials by Warren G. Kruse and Jay G. Heiser. It is perhaps an unfortunate truth, but in today's world even small to mid-sized businesses need to understand the risks they face with computer crime. All businesses need to be able to respond in a proper and effective fashion according to their needs and situation. Computer Forensics: Incident Response Essentials is an excellent introduction to the tools, techniques and methodologies to use in the event that your business becomes a victim of computer crime or, lesser, non-criminal computer misuse. All businesses, large or small, should have a structured plan in place to handle such an emergency, and this book is a good first read if your company does not. As an NT Administrator I may not sleep as well after reading the section on NT Streams, but at least I now know what to look for. Many tools and their uses are mentioned in the book, and in many cases, including NT Streams, the tool is even free. The basic formula to conduct an incident response or investigation into a computer breach is covered. After all, if you can't find out what happened, how are you going to prevent it from happening again?
Rating:  Summary: Good intro to computer forensics Review: For those who are more comfortable in a command-line setting, Computer Forensics does a good job of detailing how to use low-level Unix functionality in the process of a computer crime investigation. Chapter 3, "The Basics of Hard Drives and Storage Media," provides a good overview of what really goes on inside a hard drive. The chapter includes a good section on how criminals use unallocated space on a hard drive for data storage that is often missed by forensic examiners. Chapters 8 through 11 examine the details of Windows and Unix system investigations. The two operating systems are obviously different, so the examiner must know how to perform the specific tasks in each environment. Chapter 12 closes the book with an introduction to the Criminal Justice system. This is important if the gathered evidence is to be used in a court of law. Although he or she needn't be a lawyer, the examiner must know what the lawyers will most likely attack, so as to ensure the evidence can indeed be used in court.
Rating:  Summary: Suitable for newbie incident responders or non-IT staff Review: I am a senior engineer for network security operations. I read "Computer Forensics: Incident Response Essentials" (CFIRE) because I am responsible for performing intrusion detection and incident response on a daily basis. Those with similar skills will probably consider CFIRE too basic. Those working outside the information technology world may find CFIRE enlightening. I'm a graduate of the SANS System Forensics, Investigation, and Response course and have read "Incident Response: Investigating Computer Crime" (IRICC) by Mandia, Prosise, and Pepe. In my opinion, CFIRE does not offer any new or truly significant material. For example, chapter 2 ("Tracking an Offender") offers several pages on how to find the headers in Outlook messages. Elsewhere, one discovers very elementary information on UNIX commands, searching Windows hard drives, and understanding UNIX file systems. All of this appears in other books or is common knowledge for IT staff. I was disappointed that the impressive reviewer list did not detect several errors. As a fairly young network engineer, I still recognized this mistake on page 32: "When you dial to an ISP with a modem, you might use a layer 3 protocol called Point to Point Protocol (PPP). Referring back to Figure 2-1, layer 3 is the network layer, and in the case of a dial-up connection, PPP replaces IP." Untrue -- PPP is actually a layer 2 protocol; IP is used above PPP. Furthermore, figure 2-1 on page 24 presents numerous problems: NetBEUI spans layers 3 to 5 (not 3 to 4), web browsers and email clients do not belong at layer 7 (they are applications which call layer 7 protocols), and so on. Also, page 121 claims "you cannot delete an alternate stream from the command line." However, page 193 of "Hacking Exposed: Windows 2000" demonstrates how to remove streams. On the positive side, CFIRE will probably not scare non-IT staff. They will probably find the numerous tables, screen shots, and references useful. This book could be viewed as a gentle introduction to the incident response and forensics field, especially for the Microsoft Windows crowd. Two types of staff wear "computer forensics" hats. The first type investigates misuse of computers, typically by authorized personnel. This group is happy to know how to image a drive and search the copy for signs of illicit images or software. The second type investigates compromises, where unknown (usually remote) parties have penetrated a network and used machines for their own purposes. This group will be unsatisfied when CFIRE states on page 132 "we don't anticipate that most readers of this book will become this specialized." If you need that deep level of knowledge, read "Incident Response: Investigating Computer Crime." (Disclaimer: The publisher provided a free review copy.)
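Two of the reviews above single out the book's treatment of NTFS alternate data streams (the "NT Streams" section, and the page-121 claim that a stream cannot be deleted from the command line). As an added example, not taken from the book or any reviewer, the following PowerShell script shows what an examiner would actually do: sweep a directory tree for named streams and, where warranted, remove one. It assumes Windows PowerShell 3.0 or later on an NTFS volume; the demo folder, file and stream names are constructed for the illustration.

```powershell
# Added example (not from the book or the reviews): find NTFS alternate data
# streams hiding beside ordinary file content, then show that a named stream can
# be removed from the command line. Assumes PowerShell 3.0+ on an NTFS volume.

function Get-AlternateStreams {
    param([Parameter(Mandatory)][string]$Root)
    Get-ChildItem -Path $Root -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # '-Stream *' lists every stream of the file; ':$DATA' is the normal
            # file content, so only the named (alternate) streams are reported.
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                Select-Object FileName, Stream, Length
        }
}

# Constructed demonstration in a temporary folder.
$demo = Join-Path $env:TEMP 'ads-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
$file = Join-Path $demo 'notes.txt'
Set-Content -Path $file -Value 'visible content'
Set-Content -Path $file -Stream 'hidden' -Value 'data tucked into a named stream'

# The sweep reports notes.txt with stream 'hidden'. On a real system expect
# benign 'Zone.Identifier' streams on downloaded files; anything else deserves
# a closer look and should be preserved before it is touched.
Get-AlternateStreams -Root $demo | Format-Table -AutoSize

# The stream is removable from the command line; a second sweep returns nothing.
Remove-Item -Path $file -Stream 'hidden'
Get-AlternateStreams -Root $demo
```

On a live investigation the directory listing (Get-Item -Stream) is the useful part; removal would only follow after the stream's contents have been imaged and recorded as evidence.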