Computer Forensics: Computer Crime Scene Investigation (With CD-ROM) (Networking Series)

The mightiest fortresses in the world can fail, and when that happens all you can do (you being the person responsible for castle security) is figure out what went wrong, what damage was done, and by whom. If the castle was located in the right kind of kingdom--to take a metaphor too far--you can hope to prosecute the perpetrator. Computer Forensics: Computer Crime Scene Investigation explains how to gather evidence of computer crimes in such a way that it will be more likely to lead to a conviction in a criminal court. It's an interesting legal area--after all, it's almost always you, and not any law enforcement agency doing the surveillance and evidence-gathering on your computer systems--and John Vacca has done a fair bit of research. This book will probably expand your thinking on the subject of information security.

On the other hand, though Vacca gives good general advice (don't lose volatile information by shutting a compromised machine down midattack; do be prepared to translate memory dumps into jury-readable form), he sometimes meanders into generalizations and irrelevancies. The fact that terrorists distribute their plans via public Web sites is certainly scary, but hardly helpful to someone wanting to prosecute the guy who vandalized the corporate Web site. Similarly interesting, but practically irrelevant to most of us, are discussions of high-energy radio frequency (HERF) and electromagnetic pulse (EMP) weapons that can knock out information systems from a distance. More focus on evidence collection in organizational computing environments would make this book useful, rather than just generally informative. --David Wall

Topics covered: How to gather evidence of a hack attack after the fact, and a lot of general-interest information on the state of crime and law enforcement in computer technology. Coverage is almost all general in nature, dealing with how to formulate a strategy and deal with events without getting into details of any operating system or computing environment.