
Book Review: Digital Archaeology: the Art and Science of Digital Forensics

samzenpus posted about 7 months ago | from the read-all-about-it dept.


benrothke writes "The book Digital Archaeology: The Art and Science of Digital Forensics starts as yet another text on the topic of digital forensics. But by the time you get to chapter 3, you can truly appreciate how much knowledge author Michael Graves imparts. Archaeology is defined as the study of human activity in the past, primarily through the recovery and analysis of the material culture and environmental data that people have left behind, which includes artifacts, architecture, biofacts and cultural landscapes. The author uses archaeology and its associated metaphors as a pervasive theme throughout the book. While most archaeology projects require shovels and pickaxes, digital archaeology requires an entirely different set of tools and technologies. The materials are not in the ground, but rather on hard drives, SD cards, smartphones and other types of digital media." Keep reading for the rest of Ben's review.

In the preface, Graves writes that in performing an investigation that explores the use of computers or digital data, the investigator is embarking on an archaeological expedition. In order to extract useful artifacts (information, when dealing with our topic at hand), the investigator must be exceedingly careful in how he approaches the site. The similarities between a digital investigation and an archaeological excavation are much closer than you might imagine. Data, like physical artifacts, gets dropped into the oddest places. The effects of time and environment are just as damaging, if not more so, to digital artifacts as they are to physical mementos.

The book shows you precisely how to extract those artifacts effectively. In a little over 500 pages, the book's 21 chapters provide a comprehensive overview of every area relevant to digital forensics. The author brings his experience to every page, and rather than producing a dry reference, Graves writes an interesting guide for the reader who is serious about becoming proficient in the topic.

Rather than providing a dry overview of the topics and the associated hardware and software tools, the book takes a real-world approach and provides a detailed narrative of real-world scenarios.

An important point Graves makes is that a digital investigator who does not understand the basic technology behind the systems they are investigating is going to be at a distinct disadvantage. Understanding the technology assists in the investigative process and ensures that the evidence can be held up in court.

The need for proficiency in digital forensics is manifest in the recent attack against Target stores. After an aggressive attack, the retailer called in external digital forensics consultants to help make sense of what had happened.

The book starts with an anatomy of a digital investigation, including the basic model an investigator should use to ensure an effective investigation. While the author is not a lawyer, the book details all of the laws, standards, constitutional issues and regulations that an investigator needs to be cognizant of.

The author notes that Warren Kruse and Jay Heiser wrote in Computer Forensics: Incident Response Essentials that the basic computer investigation model was a four-part model with the following steps: assess, acquire, analyze and report. Graves breaks those into more detailed and granular levels that represent the processes that occur within each step. These steps are: identification and assessment, collection and acquisition, preservation, examination, analysis and reporting.

Chapter 2 has a section on the constitutional implications of forensic investigation, a topic that is also pervasive throughout the book.

As noted, a significant portion of the book is dedicated to the legal aspects of digital investigations. Graves spends a lot of time on these essential issues, such as search warrants and subpoenas, the basic elements of obtaining a warrant, the plain view doctrine, admissibility of evidence, keeping evidence authentic, defining the scope of the search, and when the Constitution doesn't apply.

The only chapter that was deficient was chapter 13 – Excavating a Cloud. Graves writes that the rapid emergence of cloud computing has added a number of new challenges for the digital investigator. The chapter does a good job of detailing the basic implications of cloud forensics. But it unfortunately does not dig any deeper, and does not provide the same extensive tool listings that the other chapters do.

Each chapter closes with a review of the topic and various exercises. Those wanting to see a sample chapter can do so here.

For those looking for an introductory text on the topic of digital forensics, Digital Archaeology: The Art and Science of Digital Forensics is an excellent read. Its comprehensive overview of the entire topic, combined with the author's excellent writing skills and experience, makes the book a worthwhile reference.

Reviewed by Ben Rothke.

You can purchase Digital Archaeology: The Art and Science of Digital Forensics from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page.


14 comments

The Bay Harbor Byte Pusher (-1)

Anonymous Coward | about 7 months ago | (#45769593)

im feeling compulsive

Re:The Bay Harbor Byte Pusher (0)

Steve_Ussler (2941703) | about 7 months ago | (#45769683)

Nothing worse than an Anonymous Coward with OCD.

I love bok reviws (-1)

Anonymous Coward | about 7 months ago | (#45769885)

They are great. Almost as good - no, better! - than readin the buk!
I thank you sir! ANd I'm not drunk. OK well a little,

Re:I love bok reviws (-1)

Anonymous Coward | about 7 months ago | (#45769947)

You must be the dude from duck dynasty!!!

Fifth Post (1)

Psychotria (953670) | about 7 months ago | (#45771817)

Finally I got 5th post!

The only thing detracting from my enjoyment is that it's possibly the last post in this thread as well.

Re:Fifth Post, but not the last (1)

esldude (1157749) | about 7 months ago | (#45771961)

Hate to see a fellow slashdotter suffer less enjoyment than he wishes. So, no your 5th post won't be the last. And I in a generous mood leave it for another to get the lucky 7th post. The book actually sounds of some interest to me. But once I unearthed the price in my digging, I will have to pass for now at least. Merry Christmas to all.

Re:Fifth Post, but not the last (1)

Anonymous Coward | about 7 months ago | (#45772309)

$56.38 brand new on Amazon.

Used copies in good shape as low as $47.00. That is not so terribly much for a book like this.

Re:Fifth Post (0)

Anonymous Coward | about 7 months ago | (#45771969)

/. should go on a hiatus last 2 wks in dec.

everything is quiet...so quiet...s

Next... (1)

AmiMoJo (196126) | about 7 months ago | (#45773105)

Next can we have a book about anti-forensics? I don't want someone going through my digital life, thanks.

Re:Next... (0)

Anonymous Coward | about 7 months ago | (#45773947)

Next can we have a book about anti-forensics? I don't want someone going through my digital life, thanks.

man cryptsetup [cam.ac.uk]. You might want to study resistance to interrogation too.

Re:Next... (0)

Anonymous Coward | about 7 months ago | (#45774447)

i am sure that is in the works...somewhere....

Misleading title (0)

Anonymous Coward | about 7 months ago | (#45774241)

"Digital archaeology" would be to recover old data and software from media/formats that are no longer supported, or deleted content from web caches. This seems to be more about digital snooping, for cops who don't have the hacker skills but somehow think they can acquire them through a book. And the sample chapter isn't particularly enticing. It reads like a bureaucrat's manual, no technical content at all.

Re:Misleading title (0)

Anonymous Coward | about 7 months ago | (#45774471)

:::"Digital archaeology" would be to recover old data and software from media/formats that are no longer supported, or deleted content from web caches.

that is YOUR definition.

review seems to give the AUTHOR'S definition.

Digital archaeology is a somewhat made-up term...so whatever goes.

Archaeology week on Slashdot? (0)

Anonymous Coward | about 7 months ago | (#45792337)

First this review....

Then today this article: The Archaeology of Beer
http://science.slashdot.org/story/13/12/26/183241/the-archaeology-of-beer

is it Archaeology week on Slashdot?
