Saturday, January 16, 2010

Cybercrime Books

A friend of mine is looking at a career change and is considering digital forensics as his new career. He was looking for a few books to read ... in an effort to see if DF was in fact a good career move. I recommended the following books:

Scene of the Cybercrime by Debra Littlejohn Shinder and Michael Cross. Here's an excerpt:

"Most organizations and experts involved in computer forensics agree on some basic standards regarding the handling of digital evidence, which can be summarized as follows:

  • The original evidence should be preserved in a state as close as possible to the state it was in when found.
  • If at all possible, an exact copy (image) of the original should be made to be used for examination so as not to damage the integrity of the original.
  • Copies of data made for examination should be made on media that is forensically sterile—that is, there must be no preexisting data on the disk or other media; it should be completely “clean” and checked for freedom from viruses and defects.
  • All evidence should be properly tagged and documented and the chain of custody preserved, and each step of the forensic examination should be documented in detail."

I also recommended The Best Damn Cybercrime and Digital Forensics Book Period by Jack Wiles and Anthony Reyes. Here's an excerpt:

"Before we move into a discussion of digital forensic principles, it is important that we understand the difference between principles and procedures (methodologies). The Merriam-Webster online dictionary defines a principle as “a comprehensive and fundamental law, doctrine, assumption or rule” and a procedure as “a particular way of accomplishing something or of acting.” The difference between the two terms can appear to be minimal, but it is important: A principle is a fundamental truth that governs a specific endeavor; in contrast, a procedure is a method of accomplishing something."
