Rating: 
Summary: Informative
Review: This is one of the most recent release (in year 2003) in the topics, and it is imformative in technical, procedure wide, and legal consideration.There are rooms for improvement in structurinng between paragraph and addition of more detailed information. Jumping in the Chapter 7 - Procedures for Collecting and Preserving Evidence: First area of improvement - Right after the section in Underestanding Volatility of Evidence is Creating a Real-Mode Forensic Book Disk. Heading of each section can be more clear in using numbering. It is a bit confuse when you talk about volatile information and then in the next section in creating Boot Disk that is for inspecting non-volitale information. Second area of improvement - Regarding importance of evidence preservation, the book does not teach you HOW - e.g. technically using MD5 and procedure wide asking third party and/or suspect to verify information obtained. Overall, it is a good reference book in knowing computer forensic. Final word: One thing about the book I like is the inclusion of software version in the CD which is handy for reading it when need.
| 
