
Book Review: Digital Evidence and Computer Crime

samzenpus posted more than 2 years ago | from the read-all-about-it dept.


brothke writes "When it comes to a physical crime scene and the resulting forensics, investigators can ascertain that a crime took place and gather the necessary evidence. When it comes to digital crime, the evidence is often at the byte level, deep in the magnetics of digital media, initially invisible to the human eye. That is just one of the challenges of digital forensics, where it is easy to destroy crucial evidence, and often difficult to preserve it correctly." Read on for the rest of Ben's review.

For those looking for an authoritative guide, Digital Evidence and Computer Crime is an invaluable book that can be used to ensure that any digital investigation is done in a formal manner, one that can ultimately be used to determine what happened and, if needed, be presented as evidence in court.

Written by Eoghan Casey, a leader in the field of digital forensics, in collaboration with 10 other experts, the book's 24 chapters and nearly 800 pages provide an all-encompassing reference. Every relevant topic in digital forensics is dealt with in this extraordinary book. Its breadth makes it relevant to an extremely large reading audience: system and security administrators, incident responders, forensic analysts, law enforcement, lawyers and more.

In the introduction, Casey writes that one of the challenges of digital forensics is that the fundamental aspects of the field are still in development. Be it the terminology, tools, definitions, standards, ethics and more, there is a lot of debate amongst professionals about these areas. One of the book's goals is to assist the reader in tackling these areas and to advance the field. To that end, it achieves its goals and more.

Chapter 1 is appropriately titled Foundation of Digital Forensics, and provides a fantastic overview and introduction to the topic. Two of the superlative features of the book are the hundreds of case examples and practitioners' tips. The book magnificently integrates the theoretical aspects of forensics with real-world examples, making it an extremely readable guide.

Casey notes that one of the most important advances in the history of digital forensics took place in 2008 when the American Academy of Forensic Sciences created a new section devoted to digital and multimedia sciences. That development advanced digital forensics as a scientific discipline and provided a common ground for the varied members of the forensic science community to share knowledge and address current challenges.

In chapter 3 – Digital Evidence in the Courtroom – Casey notes that the most common mistake that prevents digital evidence from being admitted in court is that it was obtained without authorization. Generally, a warrant is required to search for and seize evidence. This and other chapters go into detail on how to ensure that the evidence gathered is ultimately usable in court.

Chapter 6 – Conducting Digital Investigations – is one of the best chapters in the book. Much of this chapter details how to apply the scientific method to digital investigations. The chapter is especially rich with tips and examples, which are crucial, for if an investigation is not conducted in a formal and consistent manner, a defense attorney will attempt to get the evidence dismissed.

Chapter 6 and other chapters reference the Association of Chief Police Officers' Good Practice Guide for Computer-Based Electronic Evidence as one of the most mature and practical documents to use when handling digital crime scenes. The focus of the guide is to help digital investigators handle the most common forms of digital evidence, including desktops, laptops and mobile devices.

The Good Practice Guide is important in that digital evidence comes in many forms, including audit trails; application, badge reader, ISP and IDS logs; biometric data; application metadata; and much more. The investigator needs to understand how all of these work and interoperate to ensure that the evidence is collected and interpreted correctly.

Chapter 9 — Modus Operandi — by Brent Turvey is a fascinating overview of how and why criminals commit crimes. He writes that while technologies and tools change, the underlying psychological needs and motives of offenders, and their associated criminal behavior, have not changed through the ages.

Chapter 10 – Violent Crime and Digital Evidence — is another extremely fascinating and insightful chapter. Casey writes that whatever the circumstances of a violent crime, information is key to determining and thereby understanding the victim-offender relationship, and to developing an ongoing investigative strategy. Any details gleaned from digital evidence can be important, and digital investigators must develop the ability to prioritize what can be overwhelming amounts of evidence.

Chapter 13 – Forensic Preservation of Volatile Data — deals with the age-old forensic issue: to shut down or not to shut down? It provides a highly detailed sample volatile data preservation process for an investigator to follow to preserve volatile data from a system. There is also a fascinating section on the parallels between arson and digital intrusion investigations.

Part 4 of the book is Computers, in which the authors note that although digital investigators can use sophisticated software to recover deleted files and perform advanced analysis of computer hard drives, it is important for them to understand what is happening behind the scenes. A lack of understanding of how computers function, and of the processes that sophisticated tools have automated, makes it more difficult for digital investigators to explain their findings in court and can lead to incorrect interpretations of digital evidence.

Chapter 17 – File Systems – has an interesting section on dates and times. Given the importance of dates and times when investigating computer-related crimes, investigators need an understanding of how these values are stored and converted. The chapter has a table of date-time stamp behavior on both FAT and NTFS file systems. Time stamps are not a trivial issue, as there are many different actions (file move, deletion, copy, etc.) that affect the date-time stamps in very different ways.
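As an added worked example (this is not code from the book or from the reviewer), here is how the two on-disk formats that chapter covers are actually decoded. FAT packs local time into two 16-bit words at 2-second resolution with no time zone on disk; NTFS stores a 64-bit little-endian count of 100-nanosecond ticks since 1601-01-01 UTC. The sample values are constructed, and the UTC offset used to interpret the FAT stamp is an assumption the examiner has to supply from outside the file system, which is exactly why converting these values is a source of error.

```python
import struct
from datetime import datetime, timedelta, timezone

# NTFS FILETIME: 100-nanosecond ticks since 1601-01-01 00:00:00 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def decode_fat_datetime(date_word: int, time_word: int) -> datetime:
    """Unpack a FAT directory-entry date/time pair into a naive local datetime.

    date = yyyyyyymmmmddddd  (year is an offset from 1980)
    time = hhhhhmmmmmmsssss  (seconds are stored divided by 2)
    FAT records *local* time with no zone and only 2-second resolution.
    """
    year = 1980 + ((date_word >> 9) & 0x7F)
    month = (date_word >> 5) & 0x0F
    day = date_word & 0x1F
    hour = (time_word >> 11) & 0x1F
    minute = (time_word >> 5) & 0x3F
    second = (time_word & 0x1F) * 2
    return datetime(year, month, day, hour, minute, second)


def encode_fat_datetime(dt: datetime):
    """Inverse of decode_fat_datetime. Odd seconds are truncated, not rounded."""
    date_word = ((dt.year - 1980) << 9) | (dt.month << 5) | dt.day
    time_word = (dt.hour << 11) | (dt.minute << 5) | (dt.second // 2)
    return date_word, time_word


def fat_to_utc(naive_local: datetime, utc_offset_hours: float) -> datetime:
    """Interpret a FAT stamp under an ASSUMED zone offset.

    The offset is not on disk; it has to come from the examiner's knowledge
    of the machine's configured zone and DST rules at the time of the event.
    """
    tz = timezone(timedelta(hours=utc_offset_hours))
    return naive_local.replace(tzinfo=tz).astimezone(timezone.utc)


def decode_filetime(ticks: int) -> datetime:
    """Convert a FILETIME tick count to an aware UTC datetime.

    Python datetimes resolve microseconds, so the 100 ns digit is dropped.
    """
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def decode_filetime_bytes(raw: bytes) -> datetime:
    """FILETIME as it sits on disk (e.g. in $STANDARD_INFORMATION): 8 bytes, little-endian."""
    (ticks,) = struct.unpack("<Q", raw)
    return decode_filetime(ticks)


def encode_filetime(dt: datetime) -> int:
    """Aware datetime back to FILETIME ticks (microsecond precision)."""
    delta = dt.astimezone(timezone.utc) - FILETIME_EPOCH
    return (delta.days * 86_400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


if __name__ == "__main__":
    # Constructed sample values, not taken from any real image.
    fat_date, fat_time = 0x3F36, 0x73C5            # 2011-09-22 14:30:10, local time
    local = decode_fat_datetime(fat_date, fat_time)
    print("FAT local time        :", local)
    print("FAT assuming UTC-4    :", fat_to_utc(local, -4))
    ticks = 129_611_754_100_000_000                # 2011-09-22 14:30:10 UTC
    print("NTFS FILETIME (UTC)   :", decode_filetime(ticks))
    print("FAT 2 s truncation    :", encode_fat_datetime(local.replace(second=11)) == (fat_date, fat_time))
```

The last line shows the practical trap: a file stamped 14:30:11 on FAT reads back as 14:30:10, so a FAT stamp and an NTFS stamp for the same event can legitimately disagree by up to two seconds before any time zone question is even raised.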

A better title for Digital Evidence and Computer Crime might be the Comprehensive Guide to Everything You Need to Know About Digital Forensics. One is hard pressed to find another book overflowing with so many valuable details and real-world examples.

The book is also relevant for those who are new to the field, as it provides a significant amount of introductory material that delivers a broad overview to the core areas of digital forensics.

The book progresses to more advanced and cutting-edge topics, including sections on various operating systems, from Windows and Unix to Macintosh.

This is the third edition of the book and completely updated and reedited. When it comes to digital forensics, this is the reference guide that all books on the topic will be measured against.

With a list price of $70.00, this book is an incredible bargain given the depth and breadth of topics discussed, with each chapter written by an expert in the field. For those truly serious about digital forensics, Digital Evidence and Computer Crime is an equally serious book.

Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.

You can purchase Digital Evidence and Computer Crime: Forensic Science, Computers, and the Internet from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

49 comments

Ethics (1)

Synerg1y (2169962) | more than 2 years ago | (#37473678)

So, who would actually use this NOT to try and subvert law enforcement?

I don't remember the name, but there was a book written about how to commit the perfect murder, and there was this huge thing about how a guy got off the hook because of the book and how liable the author was, etc...

The argument was that by creating the book, the author was an accomplice, of course the only path to proving something like this is through pure ethics, (ethics != legal).

I wonder if somebody used something like this book to subvert law enforcement data collection techniques and they just so found a copy of this book by the computer... would they try to blame the author? :P

Re:Ethics (1)

alendit (1454311) | more than 2 years ago | (#37473770)

As long as arms manufacturers are not held liable for every killing done by their equipment I don't see why this guy should.

Re:Ethics (1)

Synerg1y (2169962) | more than 2 years ago | (#37473864)

There's a very grey line here that may not be so obvious. I remember how the first was explained to me in school: it's OK to yell "f the government" in front of Capitol Hill, but it's not OK to yell fire in a packed movie theater. That's because the latter can cause harm to others, thus imposing the consequences of your speech onto others, and there are consequences for doing that.

http://en.wikipedia.org/wiki/Schenck_v._United_States [wikipedia.org] and to make things worse...
http://en.wikipedia.org/wiki/Brandenburg_v._Ohio [wikipedia.org]

This spills over into books just as easily, make sense?

Re:Ethics (2)

slashqwerty (1099091) | more than 2 years ago | (#37474814)

it's not ok to yell fire in a packed movie theater room

The concept here is that yelling fire in a packed movie theater creates a "clear and present danger [wikipedia.org] ". It is clear that yelling it will cause people to run for their lives, and it is present in that people will react before cooler heads can put things into perspective. With a book, the reader has plenty of time to consider the consequences of their actions. So no, I don't think it spills over into books.

Also note the "clear and present danger" test was replaced in 1969 with "imminent lawless action" which is more strict.

Re:Ethics (1)

justforgetme (1814588) | more than 2 years ago | (#37477556)

Well, as you said, it is a very gray line. Making, or not, sense of it is more of an academic exercise than anything else. The legal system is a shit storm of badly depicted ideals and foul wishing. All you can reliably do is just acknowledge this ambiguity's existence and move on.

On another note: crying "Fire" in a packed theater is probably the best way to get "/permanently?/" rid of the hysteric idiot that will start yelling at their spouse in the middle of the play. Just saying...

Personal opinion: Knowledge is not incriminating or a crime

Re:Ethics (1)

Meshach (578918) | more than 2 years ago | (#37473884)

As long as arms manufacturers are not held liable for every killing done by their equipment I don't see why this guy should.

Maybe because the arms manufacturer does not also show people novel ways to kill someone and escape any responsibility for their actions? Selling someone a gun is different from providing them a detailed plan to murder someone and get away with it.

Re:Ethics (1)

justforgetme (1814588) | more than 2 years ago | (#37477566)

If you have to plan for something, the only certain thing is that everything will not go as planned.

me

Re:Ethics (1)

Arancaytar (966377) | more than 2 years ago | (#37473830)

and there was this huge thing about how a guy got off the hook because of the book and how liable the author was, etc...

For false advertising? If it had been a perfect murder we wouldn't have heard about it...

Re:Ethics (1)

Ragun (1885816) | more than 2 years ago | (#37473856)

Culpable mental states play a large role in this kind of thing. This book is written with the obvious intent to educate, not to aid in crime. Intent matters in law.

Re:Ethics (1)

justforgetme (1814588) | more than 2 years ago | (#37477574)

Intent matters in law.

did not know that. Please elaborate

Re:Ethics (1)

sumdumass (711423) | more than 2 years ago | (#37478110)

Look up mens rea [wikipedia.org]. I'm not sure I could explain it much better than that.

I do know a guy who shot his wife in the head and killed her, then called the EMS. Because the intent and state of mind (Mens Rea) is built into the murder/homicide statutes, he ended up getting convicted of voluntary manslaughter and was sentenced (actually, he got re-sentenced because of some lawsuit challenging the constitutionality of floating sentences like 5-15 years) 8 years total and is now back on the streets without parole or probation or anything of the sort. If it wasn't for a mandatory 3 years for the gun spec that runs before any other time, he would have been out free and clear in 5 years.

Of course he claimed he pulled the gun out to shoot himself during an argument, she talked him out of doing it, and it went off when putting it down. Claimed he thought it was unloaded which is the only reason he would have put it to his own head.

Re:Ethics (1)

Ragun (1885816) | more than 2 years ago | (#37496236)

In my state there are several of what they call 'culpable mental states'. These are 'with intent to', 'recklessly', 'knowingly' and 'with criminal negligence.' Different crimes require different levels. The difference between 2nd degree murder and manslaughter is that one requires intent, while the other only requires recklessness or criminal negligence. Some crimes punish you for doing X, while some charge you only for knowingly doing X.

Of course, it's impossible to be absolutely sure what someone was intending to do, but that is why we have juries to make reasonable inferences.

Re:Ethics (1)

metrix007 (200091) | more than 2 years ago | (#37474476)

So by your way of thinking anything that could be used for evil should not be published and any methodology that could be used for evil should be obscured? Yawn. I've heard such a debate a million times about full disclosure. What it comes down to is that anything can be used for evil, but unless that is the intent here, why mention that fact at all?

Re:Ethics (1)

hairyfeet (841228) | more than 2 years ago | (#37475036)

The question I have, which maybe someone who has read this book can answer, is this: Who is right, those that say you have to use Gutmann and wipe a bazillion times, or the ones that say a simple zero out cleans a drive?

While I'm not worried about the MiB kicking my door, I'm more worried about all the drives that end up coming through the shop. I get used drives from all over the place and usually just run a quick zero wipe and stuff it in a drawer. Is that enough?

Re:Ethics (0)

Anonymous Coward | more than 2 years ago | (#37475706)

I would do the standard Gutmann just to cover yourself. I would think if something does come out of one of your HDs that you followed the industry standard and should be less liable. It only takes 7 times longer; just do it and make a cup of coffee or something.

Re:Ethics (1)

hoggoth (414195) | more than 2 years ago | (#37476032)

I'm in the field. Gutmann hasn't been accurate for over a decade. Modern drives pack the bits much closer together. Nothing can be recovered after a single wipe with all zeros or, better, all pseudo-random. Even Gutmann himself acknowledges this: "For any modern PRML/EPRML drive, a few passes of random scrubbing is the best you can do."

Re:Ethics (1)

hairyfeet (841228) | more than 2 years ago | (#37476252)

Thanks. I usually use a tool called Easttec Eraser and use what is called a "quick two pass with verification", which I've found to be just about as fast as a single pass. It writes one set of zeroes followed by random numbers and then does a quick verification. So if what you are saying is true, my method is overkill but should work no problem.

Anyway, if anyone needs a quick Windows-based wiper with a ton of options, Easttec Eraser is pretty nice. I've been using it for a couple of years now and it gives you everything from one pass zeroes to DoD 3 to Bruce Schneier's method to full Gutmann, about 20 different ways to wipe data. It will even let you wipe slack space of existing files, although why one would want to do that exactly I'm not sure.

Re:Ethics (1)

blueg3 (192743) | more than 2 years ago | (#37478516)

Nobody in the field of computer forensics has ever claimed or had a reason to believe that any data is recoverable from modern hard drives that have been wiped with a single pass of zeroes (or any other pattern). The police and FBI certainly don't have the technology -- unless they've never used information gathered that way in court and managed not to tell anyone about it.

There are a few exceptions. First, flash / SSD drives are weird. There's a good paper on it, but the short story is that almost all flash drives can be erased by two passes of zeroes if you're wiping the whole drive. (If you're trying to wipe a single file, you're likely to fail.) Second, a logical pass of zeroing (like what you'd get with dban or dd) does not erase data contained in bad sectors that have been mapped out by the drive's firmware or in the drive's other protected areas. Bad sectors can contain user data and can sometimes be read.
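As an added example to go with the thread above (my code, not the commenter's and not from the book), here is the check a practitioner actually wants after a single-pass wipe: read the device or image back sequentially and confirm that every byte matches the pattern, reporting where the first residue sits. It also does the overwrite itself, flushing and fsyncing each pass so the verification reads what reached the media rather than the page cache. The caveat from the comment stands and is worth repeating in the code: a logical pass like this never touches sectors the drive has remapped, a host protected area, or SSD over-provisioning, so a clean result here is evidence about the addressable surface only. The "drive" in the demo is a constructed 64 KiB image file; on a real block device the same functions apply with the device path and sufficient privilege.

```python
import os
import tempfile

CHUNK_SIZE = 1 << 20  # read/write in 1 MiB chunks


def _expand(pattern: bytes, chunk_size: int) -> bytes:
    """Repeat the wipe pattern to fill one chunk; chunks must start on a pattern boundary."""
    if not pattern or chunk_size % len(pattern):
        raise ValueError("chunk_size must be a non-zero multiple of the pattern length")
    return pattern * (chunk_size // len(pattern))


def scan_for_residue(path: str, pattern: bytes = b"\x00", chunk_size: int = CHUNK_SIZE):
    """Compare a device or image against a repeating byte pattern.

    Returns (bytes_read, bytes_differing, first_differing_offset_or_None).
    Zero differing bytes means the *logical* surface was overwritten; it says
    nothing about remapped sectors, an HPA, or SSD over-provisioned blocks.
    """
    expected = _expand(pattern, chunk_size)
    total = differing = 0
    first = None
    with open(path, "rb") as fh:
        while True:
            data = fh.read(chunk_size)
            if not data:
                break
            want = expected[: len(data)]
            if data != want:
                diffs = [i for i in range(len(data)) if data[i] != want[i]]
                differing += len(diffs)
                if first is None:
                    first = total + diffs[0]
            total += len(data)
    return total, differing, first


def overwrite_with_pattern(path: str, pattern: bytes = b"\x00", passes: int = 1,
                           chunk_size: int = CHUNK_SIZE) -> int:
    """Overwrite a file or block device in place, fsyncing after every pass.

    Returns the number of bytes written per pass.
    """
    block = _expand(pattern, chunk_size)
    with open(path, "r+b") as fh:
        fh.seek(0, os.SEEK_END)
        size = fh.tell()            # works for regular files and block devices
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining:
                n = min(chunk_size, remaining)
                fh.write(block[:n])
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())
    return size


def run_demo():
    """Constructed scenario: a 64 KiB image that is all zeros except one stray byte.

    Returns the scan result before and after a single zero pass.
    """
    fd, path = tempfile.mkstemp(suffix=".img")
    os.close(fd)
    try:
        with open(path, "wb") as fh:
            fh.write(b"\x00" * 4096 + b"\xAA" + b"\x00" * (65536 - 4097))
        before = scan_for_residue(path)            # residue found at offset 4096
        overwrite_with_pattern(path, b"\x00")
        after = scan_for_residue(path)             # clean
        return before, after
    finally:
        os.unlink(path)


if __name__ == "__main__":
    before, after = run_demo()
    print("before wipe:", before)
    print("after wipe :", after)
```

For a random-pattern pass there is nothing to compare against, so the usual check there is that the drive no longer contains recognisable structures (partition tables, file system signatures) rather than a byte-for-byte match; the zero-pattern scan above is the one that gives a definite yes or no.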

Re:Ethics (1)

hairyfeet (841228) | more than 2 years ago | (#37484368)

So that means hybrid drives are right out, huh? With those the OS doesn't access the SSD part, it's all controlled by firmware, so I doubt one could even zero out something that had been put in the SSD cache.

Like I said, my main worry was all the used drives I get coming through my door. I get drives from customers when they upgrade, I get drives from dead boxes and other shops, sometimes I buy a lot of drives from somewhere. So I have NO clue as to what has been on a good 80% of the drives before I got them; it could have been owned by the Unabomber for all I know. I just plug them into an old box I keep in the corner for drive wiping and recovery and just zero it out with random junk.

Anyway, thanks for the info. While I doubt I'll be getting any used SSDs anytime soon (from what I've seen they tend to die hard), it is nice to know that what I'm doing as SOP should be enough that if some cop traced some nutball's PC back to one I got in the lot they won't be finding crap on anything in my spare drawer.

Re:Ethics (1)

blueg3 (192743) | more than 2 years ago | (#37487066)

Oh, man! I've totally got to look in to the hybrids. The big problem with weird drive areas (bad sectors, host protected area, overprovisioning on SSDs, and the cache on a hybrid) is that a lot of drives either don't implement or improperly implement the secure-erase ATA commands. But they return "oh yes, I totally did secure-erase". So you're basically guessing unless you do careful (often very difficult) analysis.

Yeah, if you're getting conventional disks, a single pass of zeros is SOP. In the incredibly unlikely event that it becomes "a big deal", the history of the drive is really relevant. Imagine some "evil data" is in one of these rare places that doesn't get zeroed, and then the person who gets the drive is investigated carefully. The testimony that you got the drive, zeroed it once, and then gave it to the accused will cast such serious doubt on any information extracted from those sectors (there's, of course, a perfectly reasonable reason that data would be there) that evidence about what they contain is going to be worthless without a fortune of corroborating evidence. It's quite safe.

Re:Ethics (1)

hairyfeet (841228) | more than 2 years ago | (#37497606)

Yeah, the way I was told the hybrids work is the firmware watches what the OS does and uses the SSD as a big buffer cache, so that the drive can stay spun down longer and can just stream writes instead of start/stop on every little thing. But since it is all controlled by the firmware, who the hell knows what it will report back if you try to zero it or even if you CAN zero it out, as to the OS the cache doesn't exist, it's just the HDD. I don't think the cache is even counted in drive space so you can't just load it to the top with zeroes either.

Anyway, the wipe I do is a variation on the zero wipe. It is a two pass, the first all zeroes, the second random noise generated by the program. From what I was told the program (Easttec Eraser) writes random patterns, A0-FF, ones and zeroes, similar to the data a memtest would use, all broken down into binary of course, so what you get is a big pile of total gibberish. All I know is I tried a couple of tools like Recuva on one I ran Eraser on and it got a big fat nothing. I just wasn't sure how much better the tools the feds use are for such things. It seems like there is a lot of voodoo and superstition when it comes to HDDs ever since Gutmann came out with his formula.

I was hoping that was enough though, as anything deeper takes an insane amount of time. The two pass takes about 2 hours on a 300GB, whereas the 7 pass DoD can take the better part of a day. When you have a dozen drives waiting to be wiped and only one machine for wiping they can pile up if you go nuts with it. Thanks for the info though, it's good to know.

Re:Ethics (1)

blueg3 (192743) | more than 2 years ago | (#37498870)

All I know is I tried a couple of tools like Recuva on one I ran Eraser on and it got a big fat nothing. I just wasn't sure how much better the tools the feds use are for such things.

Yeah, no commercial-grade, simple tool will work at all even with a single pass of zeroes. SSDs often require two passes because of overprovisioning. But even that can only be detected by removing the flash chips from the SSD and using very unpleasant electronic techniques. (Legally, that means that your methods will be immediately called into question, and reconstructing any useful information will be very time-consuming.)

The Feds mostly have access to more time and well-trained personnel, but honestly, trying even to recover data from bad blocks or host-protected areas is notoriously difficult and unrewarding. It has to be something spectacular for law enforcement to bother trying that.

I agree, the paranoid N-wipe methods just take too long, when any forensics guy will tell you that they're just not needed.

Re:Ethics (1)

hairyfeet (841228) | more than 2 years ago | (#37503644)

Well, all I know is from a friend that works forensics at the state crime lab, but they don't take drives apart; they just image them and then use image-based tools to scan for files, that way they preserve the chain of evidence. Adam tries to hire me every time we do lunch, but... fuck that. I don't think I could handle looking at pedo shit all damned day, that would mess my head up. I know he goes to a state-paid-for shrink twice a week to "data dump" as he calls it, but I don't think I could handle looking at raped kids all damned day and I sure as fuck couldn't be all cool on the stand like he is when he is faced with some guy that raped his 9 year old and took pics.

Anyway, I didn't know how different what the feds did was compared to what my buddy Adam does; thanks for the info. While I'm glad there are guys like him that CAN do that shit, I honestly don't think I could do it. I may love puzzles and beating a problem machine but not when the payoff is two hours of kids getting raped... fuck that. I just want to make sure any of these bulk drives that come through my shop don't have something nasty on them before I stick them in my spares bin, that's all.

Re:Ethics (1)

BenEnglishAtHome (449670) | more than 2 years ago | (#37475778)

Law enforcement tries to keep such knowledge out of the hands of defense attorneys. While books like this are written, the truly cutting edge stuff gets discussed at conferences like cacconference.org , a gathering where lots of great info is discussed that defense attorneys and the techs that work for them could use.

If they did use that info, though, it would help create a level playing field when computer crime gets to court. LEOs at every level, of course, detest the notion of a level playing field or fairness in any form. Thus, the conference is extremely strict about keeping out anyone who could potentially work for the defense.

I'm not prepared to say that such an approach is unethical but it's certainly intellectually dishonest. Thus, my answer to your question is that I have such low expectations of integrity from everyone in the legal system that I wouldn't doubt they'd try to blame the author.

Integrity just gets in the way of locking up the pervs, guilty or not.

Re:Ethics (1)

Synerg1y (2169962) | more than 2 years ago | (#37482780)

A lot closer to the issue, why the author might have some social responsibility that translates into legal. I think it should be all or nothing though, disclose everything in the field and let the community sort it out (GPL), or keep a bunch of trade secrets and rely on those to do your job. Though one sounds a lot more ethical, both are working for people as I type this. Books that subvert law enforcement are considered grey on the scale of ethics, and though a book may not be the most direct application of ethics, the thought goes along the lines of "why are snuff films banned in the states?". It's just a film after all right, same medium (the TV) as Saturday morning cartoons. It's a tough argument to uphold, and as mentioned above is more academic, as DA's in post-Bush America don't have the funding to prosecute everyone they need to, much less reaching for accomplices along far strung lines of ethics. It would also have to be a very special case where there is a direct link between the book and the case, such as information that is ONLY found in that book was used in the case.

P.S. I like CCleaner and TuneUp Utilities for my hard drive cleaning; TuneUp costs $20 or so for the less resourceful, and it's worth every penny. CCleaner is free; that's for inside Windows. If you want to wipe the hard drive with every last bit of data, use a Linux live CD such as BackTrack and the dd command, "dd if=/dev/urandom of=/dev/sda1" or along those lines; specifying a block size speeds things up tons. I've had very poor success in getting DBAN to even recognize hardware sometimes.

Re:Ethics (1)

TBlalock (2467220) | more than 2 years ago | (#37477878)

Not sure what this has to do with the review or the book?

Re:Ethics (1)

MikeKWarren (2467784) | more than 2 years ago | (#37490726)

Still not sure of the point you are trying to make.

How do you pronounce "Eoghan"? (1)

blair1q (305137) | more than 2 years ago | (#37473808)

Is it like "Ewen"? "Yawn"? "Evan"? "Yohan"? "Eeeeeeee-yooooo, e-yo, eleven"?

Re:How do you pronounce "Eoghan"? (1)

Quirkz (1206400) | more than 2 years ago | (#37473898)

throat-warbler mangrove, I think.

Re:How do you pronounce "Eoghan"? (0)

Anonymous Coward | more than 2 years ago | (#37474120)

Apparently the same as "Owen":
http://www.pronouncenames.com/pronounce/eoghan [pronouncenames.com]

Re:How do you pronounce "Eoghan"? (1)

SoundGuyNoise (864550) | more than 2 years ago | (#37475916)

I think it rhymes with "Hadouken" [wikimedia.org]

Re:How do you pronounce "Eoghan"? (1)

Demerara (256642) | more than 2 years ago | (#37476962)

Is it like "Ewen"? "Yawn"? "Evan"? "Yohan"? "Eeeeeeee-yooooo, e-yo, eleven"?

It's Irish and is pronounced Owen (O-wen). Naturally, Mr. Casey may have a different view!

Other great Irish names - Niamh (Neve), Saedbh (Sive) and Maedbh (go on, guess - "bh" is like "v")

Re:How do you pronounce "Eoghan"? (1)

blueg3 (192743) | more than 2 years ago | (#37478466)

Naturally, Mr. Casey may have a different view!

He does not. He also pronounces it "Owen".

Owen (0)

Anonymous Coward | more than 2 years ago | (#37473936)

It's pronounced like Owen.

10/10 again (-1)

Anonymous Coward | more than 2 years ago | (#37474242)

and I'm now taking that as a hint to not bother reading either review or book.

Re:10/10 again (1)

TBlalock (2467220) | more than 2 years ago | (#37475824)

Why? You would have read it had it been rated 9/10?

Re:10/10 again (-1)

Anonymous Coward | more than 2 years ago | (#37478370)

very true.

i only read books with 1 star....


Review is Verbatim from Amazon (0)

Anonymous Coward | more than 2 years ago | (#37475594)

The one and only review of the third edition of this book on Amazon is the same exact review. Plagiarism? Maybe not, but something is fishy here.

http://www.amazon.com/Digital-Evidence-Computer-Crime-Third/dp/0123742684/ref=sr_1_1?s=digital-text&ie=UTF8&qid=1316658700&sr=1-1

Re:Review is Verbatim from Amazon (1)

TBlalock (2467220) | more than 2 years ago | (#37475860)

If you look at the author of this review, and the author of the Amazon review, you will see they are the same person. Book reviewers cross-post to different blogs and web sites.

Digital "evidence". (0)

Anonymous Coward | more than 2 years ago | (#37476168)

Anything consisting of 0s and 1s can be fabricated, cannot be trusted.

Re:Digital "evidence". (1)

JockTroll (996521) | more than 2 years ago | (#37477618)

Still smarting, hunh? Still cursing the inventors of the digital camera, after they caught you jerking off near the kindergarten? Is that how you tried to explain the terabytes of kiddie scat bestiality porn in your computer? "It was all fabricated"? Wow, not even the ghost of Melvin Belli could ever save your butt.

Re:Digital "evidence". (1)

MikeKWarren (2467784) | more than 2 years ago | (#37479412)

Ever hear of trusted digital certificates?

Wait, why isn't this a Packt Press review? (0)

1_brown_mouse (160511) | more than 2 years ago | (#37478766)

Did Academic press pony up or is this a real book report someone wrote?

Re:Wait, why isn't this a Packt Press review? (1)

MikeKWarren (2467784) | more than 2 years ago | (#37479194)

Why do you not think this is a real review?

No mention of chain of custody? (1)

elrous0 (869638) | more than 2 years ago | (#37480656)

When I was in forensics, one of the most important and fundamental concepts I had to learn right off the bat was the importance of carefully documenting the chain of custody of all evidence. This is especially important in computer forensics, as digital evidence is so easy to alter. You can do the best investigation in the world, but if you screw up your chain of custody, a good defense lawyer can eat you alive. "Oh, so you're saying that you don't even *know* who all had access to this hard drive for those 2 months, huh? Well, then how do you *know* someone didn't plant this so-called evidence?"
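As an added example of the mechanism the comment above is describing (my code, not the commenter's and not from the book): a custody log in which every entry records the SHA-256 of the evidence image and the SHA-256 of the previous log entry. Re-hashing the image proves it is byte-for-byte what was acquired; the chained record hashes mean an earlier entry cannot be edited or dropped without every later link failing. Handler names, the image contents and the log format are all constructed for the demo; a real log would also be kept on write-once or separately signed storage, which this example does not show.

```python
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone


def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Hash an image in chunks so multi-gigabyte evidence never has to fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def append_custody_record(log_path: str, evidence_path: str, handler: str,
                          action: str, note: str = "") -> dict:
    """Append one JSON line carrying the evidence hash and the previous record's hash."""
    prev = "0" * 64                               # genesis marker for the first entry
    if os.path.exists(log_path):
        with open(log_path, "rb") as fh:
            lines = fh.read().splitlines()
        if lines:
            prev = hashlib.sha256(lines[-1]).hexdigest()
    record = {
        "ts": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "handler": handler,
        "action": action,
        "note": note,
        "evidence_sha256": sha256_file(evidence_path),
        "prev_record_sha256": prev,
    }
    with open(log_path, "ab") as fh:
        fh.write(json.dumps(record, sort_keys=True).encode() + b"\n")
    return record


def verify_custody_log(log_path: str, evidence_path: str):
    """Return (chain_intact, evidence_unchanged, record_count)."""
    with open(log_path, "rb") as fh:
        lines = fh.read().splitlines()
    prev = "0" * 64
    chain_ok = True
    recorded = []
    for line in lines:
        rec = json.loads(line)
        if rec["prev_record_sha256"] != prev:      # link to prior entry broken
            chain_ok = False
        prev = hashlib.sha256(line).hexdigest()   # hash the bytes exactly as stored
        recorded.append(rec["evidence_sha256"])
    current = sha256_file(evidence_path)
    evidence_ok = bool(recorded) and all(h == current for h in recorded)
    return chain_ok, evidence_ok, len(lines)


def run_demo():
    """Constructed scenario: acquire, hand over, then tamper with the image and the log."""
    tmp = tempfile.mkdtemp()
    img = os.path.join(tmp, "disk.img")
    log = os.path.join(tmp, "custody.jsonl")
    try:
        with open(img, "wb") as fh:
            fh.write(b"constructed evidence image contents\n" * 1000)
        append_custody_record(log, img, "J. Examiner", "acquired", "imaged behind write blocker")
        append_custody_record(log, img, "K. Analyst", "received")
        intact = verify_custody_log(log, img)

        with open(img, "r+b") as fh:               # one byte planted after acquisition
            fh.seek(0)
            fh.write(b"X")
        bad_image = verify_custody_log(log, img)

        with open(log, "rb") as fh:                # someone "tidies" the first entry
            lines = fh.read().splitlines()
        lines[0] = lines[0].replace(b"write blocker", b"USB adapter")
        with open(log, "wb") as fh:
            fh.write(b"\n".join(lines) + b"\n")
        bad_log = verify_custody_log(log, img)
        return intact, bad_image, bad_log
    finally:
        shutil.rmtree(tmp)


if __name__ == "__main__":
    for label, result in zip(("intact", "image altered", "log altered"), run_demo()):
        print(f"{label:14}: chain={result[0]} evidence={result[1]} records={result[2]}")
```

The two failure modes are deliberately separate: an altered image leaves the log chain intact but the evidence check failing, while an altered log breaks the chain even though nothing about the image changed, which is the distinction a defense attorney will probe for.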

Re:No mention of chain of custody? (1)

MikeKWarren (2467784) | more than 2 years ago | (#37481036)

what makes you think there is no mention of that in the book?