Summary: As with all crimes, computer crimes leave tracks, albeit digital ones. By reading this book, one can learn to collect and analyze evidence found in a compromised computer system.
From fraud and theft to forged digital signatures, computer crime is on the rise. Most computer crimes involve incoming or outgoing Internet traffic, and remote attacks, such as viruses and worms, are growing in number and sophistication.
Computer forensics, the newest branch of computer security, deals with the aftermath of an attack. The goal of computer forensics is to conduct an investigation into a compromised computer system in a manner that will hold up to legal scrutiny.
Computer Forensics is written by two experts in digital investigation, and provides extensive information on how to handle the computer as evidence. Kruse and Heiser take the reader from the initial collection of evidence through its turnover to the victim or a law enforcement official. This book covers topics ranging from an overview of encryption to creating an evidence log and case folder to how to present yourself in court. Both Unix and the Windows NT/2000 operating systems are covered for forensic examiners.
This book provides a detailed methodology for preserving the integrity of evidence by addressing the three A's of computer forensics:
- Acquire the evidence without altering or damaging the original data.
- Authenticate that your recorded evidence is the same as the original seized data.
- Analyze the data without modifying the recovered data.
Computer Forensics is written for anyone who has a computer directly connected to the Internet; it is an essential tool for anyone who may have to respond to a report of a compromised computer system.