Computer forensics is a domain of growing importance, similar to all security-related services, and the number of new books in this area is increasing rapidly.
This book starts off with a discussion of the reasons a company might need computer forensics and the details that are important when hiring outside services. Although the first chapter contains a lot of relevant information, there are some parts that reiterate common knowledge not specific to computer forensics. For example, page 14 describes differences between services available during normal business hours (9 a.m. to 5 p.m., Monday through Friday) and on the weekends. Some topics are discussed in more detail than necessary.
In Part 1, an overview of systems and forensic services is provided. The systems described are very different in nature and complexity (for example, storage area network security systems, identity theft, and homeland security systems). Part 2 addresses how to recover data, and how to seize and store evidence. Copying of digital evidence--a fundamental step in most forensic analyses--is explained. Part 3 focuses on forensic analysis. The usual steps are identifying data and subsequently reconstructing past events. Network forensics is explained in chapter 12. Part 4 covers the timely topic of information warfare. While this part is fun to read and provides readers with a lot of new insight, the author seems to drift away from the book’s main topic: computer forensics. Part 5 summarizes and concludes the book. The appendices provide additional information. The enclosed CD-ROM contains white papers and some tools by different vendors. Appendix G (“About the CD-ROM”), however, fails to list the tools or how to use them. This makes exploring the CD-ROM rather tedious.
The book is certainly worth reading. The language is entertaining, and nonexperts can learn a lot. The entire book is easy to read and understand, making it ideal for people who want to know more about computer forensics. To become an expert in computer forensics, however, I recommend reading the books by Casey [1] (my first choice) and Farmer and Venema [2] (my second choice).