Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes, Second Edition

Cyber forensics is becoming a very interesting niche. and to keep up with Joe the bad guy or Jill the bad girl, one must keep up with technology, understand the reason why, and learn the optimum way on how capture the relevant data after a suspicious activity compromises a business, entity or data; This book is a very good resource to do just that. This is not a "for Dummies" or "introduction to" book, The author made sure the reader is aware of this in his Foreword "This text will not make you a cyber forensics investigator or technician, if you are not one already!" Reason I read this book was to use it as a tool to improve the procedures in my company's lab and understand the legal requirement as I collect evidence. I must say that Cyber Forensic 2nd Edition fulfilled that and more. I specially liked the immediate dive into the heart of what is important, from the definition, processes, legal issues to separation of audit from Cyber Forensics Investigations and this is the first chapter. It only gets better; I found Chapter 6 specially helpful, used most of its content and created a template to baseline the readiness of my company's Lab to "American Society of Crime Laboratory Directors Laboratory Accreditation Board". Although I agree with the author about EnCase's ridiculous pricing practice, I found the software review to be false. Encase does support the collection of enterprise network devices albeit uses an agent to do so. I suggest that Chapter 2 be revised, I also did not like the Author's "evaluation" of different tools and rating them, this fact almost stopped me from reading the rest of the book, I also had issues with chapter 7, I suggest the 3rd edition of this book consider adding network acquisition of forensic evidence in the flowchart, also adding the legal and HR in the process flow(for corporate users) and change calling the roll or the term IT Security officers to Information Security officers (smart companies are separating Infosec from IT). Also in the same chapter I agree with the Incident response team to eradicate Virus infection but the entire process should have been modeled after the NIST SP800-61 or a similar Document, the author did a best effort but not a good one. In conclusion, I like this book, including most of its useful Appendices. Best Fishes and thank you for reading.

This book is an excellent follow-on book to Computer Forensics: Incident Response Essentials by Kruse and Heiser, which introduces the fundamentals. This book goes much deeper and is more technical than the Kruse and Heise, therefore the ideal audience is practicing professionals who have prior experience in forensics and a wide range of hardware, software and network knowledge.Tools and techniques are presented in painstaking detail. I was unable to find a single gap or omission, which speaks highly of the editorial and review process behind this book's 464 pages. While most technical disciplines can dispense with finer details, the nature of forensics is to overlook nothing. If you find the step-by-step thoroughness boring that is an indication that forensics may not be your forte; if you're an experienced professional you'll appreciate the coverage of every technique or use of tools. While the discussion of tools and techniques will satisfy even the most experienced practitioner, I found the detailed discussion of legal aspects, HR considerations and overall security and incident response processes to be the book's strongest points. This area is what sets forensics experts apart from technicians, and it is here that the book (in my opinion) adds the most value. Procedures ranging from how to properly gather, preserve and control evidence, to legal considerations for designing processes are covered in clear language, as are US and international legal guidelines.Parts that I especially like include: intrusion management and profiling, up-to-date information on electronic commerce legal issues, the numerous checklists and cited resources, and the clearly delineated process for dealing with incidents.If you're new to forensics you will probably get more from this book by first reading Computer Forensics: Incident Response Essentials by Kruse and Heiser. If, however, you have previous computer forensics experience or are currently serving in that role this book is probably one of the best investments you can make.