About The Book
Forensic investigation is about more than simply uncovering the root cause of a problem or identifying an attacker. That sort of incident response may be good to resolve the issue at hand and restore your network to a productive status, but if you intend to pursue any legal action against the attacker, it may backfire. Davis, Philipp and Cowen walk through the steps necessary to not only find out what happened and how, but to do so in a way that allows you to satisfy the rules of evidence and establish a legal case that will withstand judicial scrutiny.
The book is divided into sections: I- Preparing For An Incident, II- Collecting The Evidence, III- Forensic Investigation Techniques, IV- Presenting Your Findings and V- Appendixes.
The book covers a range of topics including how to prepare a forensic lab environment, collecting forensic evidence, even from remote systems, techniques specific to different operating systems, and specific sections on analyzing email, cell phone, PDA and other special types of data.
The appendices provide forms and checklists you may find useful and provide further background on the legal concerns and issues around admissibility of digital forensic evidence.
My Review
I am never really disappointed in any of the Hacking Exposed series of books. While some of the information may be redundant or appear in other books from the series, Hacking Exposed more or less built, never mind set, the bar for this type of book and each book in the series does an admirable, if not exemplary, job of conveying the intended information. Following the familiar and proven style and format of the Hacking Exposed books, Davis, Philipp and Cowen explain the tools and techniques you need to understand to conduct a computer forensic investigation. They describe the issues and concerns you will face in establishing a chain of custody and ensuring that the evidence you collect will be admissible in a court of law and help you build a case.
Mishandling data and forensic evidence may sink your case before it starts so it is important to understand the legal processes that cover computer forensic investigations and how to get past the hurdles you come upon.
Forensic investigations are of particular interest to me and I found this book to be exceptionally informative and helpful in providing me with the tools and techniques I would need to conduct such an investigation.



