Book review of Guide To Computer Forensics and Investigations by Bill Nelson, Amelia Phillips and Chris Steuart
Overview
“Guide To Computer Forensics and Investigations” is a comprehensive textbook that provides detailed information and methodologies for conducting digital forensic investigations, I used it to teach CIS 60 - Introduction to Digital Forensics class at Merritt College. The authors cover a broad range of topics essential for students and professionals in the field of digital forensics, including how to set up a forensics lab, the tools and techniques used for data acquisition, and the legal considerations involved in forensic investigations.
Themes
The book emphasizes several key themes:
- Professionalism in Digital Forensics: Highlighting the ethical considerations and standards required in the profession.
- Technological Competence: A focus on equipping readers with the knowledge to handle modern digital devices and software.
- Practical Application: Each chapter includes practical exercises and case studies to demonstrate the real-world application of theoretical concepts.
Examples and Tools
The book provides examples and detailed explanations of various digital forensics tools. Here’s a brief overview from all chapters and appendices:
| Chapter | Summary | Example Tools/Exercises |
|---|---|---|
| Preface | Overview of book’s purpose and how to use it. | - |
| Introduction | Introduction to the field and its importance. | - |
| Chapter 1 | Understanding the digital forensics profession and investigations. | Overview of legal considerations and case examples. |
| Chapter 2 | The Investigator’s Office and Laboratory setup. | Guidelines for hardware and software setup. |
| Chapter 3 | Techniques for data acquisition. | Demonstrations using Write Blockers and Disk Imaging software. |
| Chapter 4 | Processing crime and incident scenes. | Step-by-step scenarios for securing and documenting scenes. |
| Chapter 5 | Working with Windows and Command Line Interface (CLI) systems. | Practical exercises with Windows OS and command-line tools. |
| Chapter 6 | Current digital forensics tools. | Use of tools like EnCase and FTK. |
| Chapter 7 | Forensics involving Linux and Macintosh file systems. | Techniques using Linux dd and MacQuisition. |
| Chapter 8 | Recovering graphics files. | Exercises using PhotoRec and other recovery tools. |
| Chapter 9 | Digital forensics analysis and validation. | Validation techniques and tools such as hash analysis. |
| Chapter 10 | Virtual machine, live acquisitions, and network forensics. | Use of VMware, Volatility for live data analysis. |
| Chapter 11 | E-mail and social media investigations. | Analysis using Email Examiner and social media investigative techniques. |
| Chapter 12 | Mobile device forensics and the Internet of Anything. | Mobile device analysis with tools like Cellebrite and XRY. |
| Chapter 13 | Cloud forensics. | Cloud data extraction and analysis techniques. |
| Chapter 14 | Report writing for high-tech investigations. | Guidelines and templates for report writing. |
| Chapter 15 | Expert testimony in digital investigations. | Preparing and presenting forensic evidence in court. |
| Chapter 16 | Ethics for the expert witness. | Discussion of ethical dilemmas and solutions. |
| Appendix A | Certification test references. | List of resources for further certification. |
| Appendix B | Digital forensics references. | Comprehensive list of additional reading and resources. |
| Appendix C | Digital forensics lab considerations. | Factors to consider when setting up a forensic lab. |
| Appendix D | Legacy file system and forensics tools. | Discussion of older systems and their forensic analysis. |
Conclusions
The book concludes with an emphasis on the ongoing nature of learning in digital forensics due to evolving technology. The authors stress the importance of continuous education and certification, as outlined in Appendix A, which provides a comprehensive list of references for certification exams.
Overall, “Guide To Computer Forensics and Investigations” is an essential resource for anyone involved in the field of digital forensics, providing both foundational knowledge and advanced techniques, backed by practical examples and exercises to enhance learning and application in real-world scenarios.