Computer Evidence: Collection & Preservation (Networking & Security)

Description:

Computer Evidence: Collection and Preservation teaches law enforcement and computer forensics investigators how to identify, collect, and maintain digital artifacts to preserve their reliability for admission as evidence. The book focuses on collection and preservation because these two phases of computer forensics are the most critical to evidence acceptance, but are not thoroughly covered in text or courses. Throughout the book, a constant eye is kept on evidence dynamics and the impact investigators can have on data integrity while collecting evidence. The simple act of a computer forensics investigator shutting down a suspect's computer changes the state of the computer as well as many of its files, so a good understanding of evidence dynamics is essential when doing computer forensics work. Broken up into five parts, Computer Forensics & Evidence Dynamics, Information Systems, Data Storage Systems & Media, Artifact Collection, and Archiving & Maintaining Evidence, the book places specific focus on how investigators and their tools are interacting with digital evidence. By reading and using this task-oriented guide, computer forensics investigators will be able to ensure case integrity during the most crucial phases of the computer forensics process.

Product Details:

Author: Christopher LT Brown
Paperback: 394 pages
Publisher: Charles River Media
Publication Date: October 03, 2005
Language: English
ISBN: 1584504056
Package Length: 9.06 inches
Package Width: 7.17 inches
Package Height: 1.1 inches
Package Weight: 1.85 pounds
Average Customer Rating: based on 4 reviews
Customer Reviews:
Average Customer Review:
( 4 customer reviews )
Most Helpful Customer Reviews
9 of 9 found the following review helpful:
Great resource
Nov 24, 2005
By Harold McFarland
It seems that a lot of books on forensics concentrate on making a disk image of the hard drive being examined, filtering the information on the disk, and presenting it in proper format for court use. However, collecting and preserving the evidence is much more than imaging the hard disk. If the computer is still on then evidence may be in memory, potential evidence may be on routers, proxy servers, etc. This book details this part of forensic evidence gathering, an area often just skimmed over in other computer forensics texts. This is a critical aspect of investigation because it does not matter how well your filtering works and how much evidence you obtain if your data preservation was not done correctly and the evidence is inadmissible in court.
Evidence dynamics is covered in detail and the author does a better job of this than any other forensics book I have read. Evidence dynamics is how to keep the evidence from disappearing or changing. Just the act of shutting down a computer changes temporary files, open processes, swap file information, and many other items that may be necessary for a thorough investigation. Even the appendixes are valuable and contain several excellent sample forms including chain of custody, evidence collection, and evidence access worksheets. If you are involved in either the collection or the maintenance of data for a potential court case then you will be interested in this book. Alternatively, if you are trying to discredit an expert witness then the information presented here may also provide areas of attack. Either way Computer Evidence Collection and Preservation is highly recommended.
5 of 5 found the following review helpful:
THE CSI OF COMPUTER EVIDENCE!!
Jun 11, 2006
By John R. Vacca
"Tech Write Independent Reviewer"
Are you a law enforcement officer, system administrator, IT professional, legal professional or a computer forensics student? If you are, this book is for you! Author Christopher LT Brown has done an outstanding job of writing a great book by focusing on the first two phases of the computer forensics process: computer evidence collection and preservation.
Brown begins by introducing the reader to the essential elements of computer forensics.
Next, the author discusses the rules of evidence, existing computer-related case law, and regulation as a basis of understanding the nature of computer evidence in court. Then, he provides information about evidence dynamics, which is defined as anything that affects evidence in any way. The author continues by presenting the key components to knowing where data can be found within an organization's infrastructure. In addition, the author shows you how an organization's information architecture can be as diverse as a city's streets. He also examines the volatility of digital data in physical memory and storage. Next, the author explains the key components of the IDE, SIDE, and SCSI standards as they pertain to evidence collection. Then, he describes advanced physical storage methods in use today. The author also examines some of the many types and formats of removable media including flash cards and optical media. In addition, the author next describes one of the most important components of any computer forensics investigation: tools preparation and documentation. He also shows you how volatile data can be difficult to capture in a forensically sound fashion. Next, the author describes how methodologies used in computer forensics can be as varied as the systems being imaged. Then, he shows you how the collection of evidence from large computer systems can be challenging to any investigator. The author continues by walking the reader through different design options to get the most out of their hardware configuration in the field and back in the lab. In addition, he shows you how today's computer evidence investigators rarely work from a single forensics workstation. Finally, he discusses areas for further study in computer forensics such as analysis and presentation of evidence in court.
This most excellent book uses evidence dynamics at the center of its approach to show the reader what forces act on data during evidence identification, collection and storage. What's most important though, is that this book will help guide the computer forensics investigator in ensuring case integrity during the most crucial phases of the computer forensics process.
5 of 6 found the following review helpful:
The Most Comprehensive Book on the Subject
Nov 28, 2005
By John Matlock
"Gunny"
This is a timely book as we are hearing more and more about the U.S. military and intelligence agencies collecting the computers used by terrorists. This same trend is appearing in conventional law enforcement. The amount of information that can be stored on a computer is, of course, huge; also important is the transient: What web site is the computer viewing? What e-mail system is on-line? What can be gotten from the router being used?
This book goes into every aspect of getting forensics information off of a computer. It starts with examining the computer, if it is on, then extracting the information from places like temporary internet storage. Of course there's a lot that needs to be done with the hard drive, and if you can find back up disks, tapes or memory devices.
In addition, there are hardware and software tools that can be used to extract information from the system. A general coverage of these is given, along with sources. Some of these are included on the CD-ROM included with the book.
This book is intended for use in a legal environment, so there is discussion on maintaining the chain of evidence to ensure that it doesn't get thrown out of court. Should you be on the other side in a trial, this gives you something to ask of the investigators to be sure that they have followed the rules.
Basically this is the most complete, most thorough book on the subject written by one of the experts in the business.
1 of 1 found the following review helpful:
The Collection and Preservation of Digital Evidence
Mar 13, 2007
By C. Flowers
At this time I am about halfway through the book and finding it very informative and very interesting. It covers a lot of technical information which is normally pretty boring but I am having a hard time putting it down. Highly recommend this as required reading for the amateur forensic computer examiner.
CR Flowers CCE