[ISN] REVIEW: "Investigating Computer Crime", Clark/Diliberto

From: mea culpa (jerichoat_private)
Date: Sat Feb 06 1999 - 02:51:15 PST

  • Next message: mea culpa: "[ISN] TDS to hold Controlled Penetration Demonstration"

    0849381584.rev   990131
    "Investigating Computer Crime", Clark/Diliberto, 1996, 0-8493-8158-4,
    %A   Franklin Clark, Ken Diliberto
    %C   2000 Corporate Blvd, N.W., Boca Raton, FL 33431
    %D   1996
    %E   n/a
    %G   0-8493-8158-4
    %I   CRC Press, INC
    %O   U$49.95 
    %P   228 p.
    %T   "Investigating Computer Crime"
    Chapter 1 - "Computer Search Warrant Team": Chapter one starts out quick
    and to the point. In this three page chapter, the authors outline six
    groups that make up a computer search warrant team. Supervisor, Interview
    Team, Sketch/Photo team, Physical search team, security/arrest, and
    technical evidence seizure team. 
    Chapter 2 - "Comptuer-Related Evidence": A detailed list of types of
    evidence that can be found at a subject's location. The chapter lists
    types of evidence, shows where it might be found, gives examples, as well
    as includes pictures. Unfortunately, the common stereotyping of hackers
    begins here which may distract the reader from the facts. 
    Chapter 3 - "Investigative Tool Box": Every investigative team shuold
    carry a toolkit to effectively perform their duties. The advice and
    recommendations in this chapter seem to focus on MSDOS and Win 3.1
    systems. Programs and software tend to be Windows based commercial
    programs. Little mention is made of OS/2, UNIX, or more obscure OSs. 
    Chapter 4 - "Crime Scene Investigation": Each investigation must go
    through certain steps to be effectively completed. Starting with scene
    evaluation and ending with "completing the search". This chapter goes stey
    by step through the required process. 
    Chapter 5 - "Making a Boot Disk": Once again, this chapter seems to focus
    on MSDOS based systems. Those investigating Unix or NT systems will not
    benefit from the information here. Since a majority of systems are now 95,
    NT, or Unix, this chapter could stand for a second version. 
    Chapter 6 - "Simple Overview of Seizing a Computer": Chapter six is
    nothing more than a three page checklist overview of the steps in seizing
    a computer.  Unfortunately, it doesn't go into much detail or prepare the
    reader for uncommon occurances. 
    Chapter 7 - "Evidence Evaluation and Analysis": Once the material has been
    collected from the subject computer, the long process of examining the
    files begins. Covering the different types of files like spreadsheets,
    databases, or graphics, this chapter focuses on DOS or Win based
    Chapter 8 - "Investigating Floppies": Much like the previous chapter, this
    one applies to any floppy disks seized in a warrant. 
    Chapter 9 - "Common File Extensions": A three page list of common file
    extensions. Aside from the duplicate entries (like 'gif'), there is a
    noticeable lack of other extremely common extensions like 'tar', 'gz', or
    Chapter 10 - "Passwords and Encryption": While covering passwords and
    elements of good password security, the chapter falls very short on
    practical encryption.  Someone new to investigating comptuer crime is
    likely to walk away thinking that encryption will not be a big hurdle when
    encountered. Rather than cover more on PGP, CFS, or SFS, the chapter goes
    into BBS passwords, Quicken, Word Perfect, and similar programs. 
    Chapter 11 - "Investigating Bulletin Boards": The obvious base of the
    author's experience, this chapter goes into details on BBSs, their
    operation, finding them, and more. Along with some information on elements
    of a BBS, suggestions are made for the L.E. officer poking around new
    BBSs. Guidelines for investigators trying to infiltrate a BBS are given,
    but the concept of fitting in seems to fall short. 
    Chapter 12 - "'Elite' Acronyms": The mere existance of this chapter along
    with the short list suggest the authors don't fully graps the depth of the
    'underground' scene. While listing some obscure groups I have personally
    never heard of, they leave off well known and overly used acronyms often
    used among the scene. 
    Chapter 13 - "Networks": Perhaps one of the more concise chapters, this
    section gives a good summary of networks, network devices, and network
    operating systems. Understanding networks is the key to properly
    Chapter 14 - "Ideal Investigative Computer Systems": Though written in
    1996, the recommend systems for investigators as outlined seems
    appropriately detailed.  However, while the outline does provide a decent
    foundation for new investigators to work from, it seems rather
    Chapter 15 - "Court Procedures": Often one of the more elusive and more
    misunderstood components of a comptuer crime investigation, the court
    procedures are often the most critical. This chapter touches on expert
    witnesses, pretrial preperation, terminology, and more. 
    Chapter 16 - "Search Warrants": By citing case law and specific examples
    the authors have encountered, the a good coverage of details on types and
    differences of various search warrants is presented. Included in the
    chapter are sample warrants from previous cases to give the reader a solid
    idea of what they encompass. 
    Overview: For someone new to investigating computer crime, this is the
    ideal book for you. Not only does it cover most aspects of an
    investigation, it does so by providing examples and pictures for
    re-enforcement. To the experienced investigator, the book may fill in a
    few small gaps or bring to light a new element previously overlooked.
    Lastly, to anyone working on cases involving unix or the internet, this
    book is not for you. 
    review by: jerichoat_private
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:18:14 PDT