0849381584.rev 990131
"Investigating Computer Crime", Clark/Diliberto, 1996, 0-8493-8158-4,
U$49.95
%A Franklin Clark, Ken Diliberto
%C 2000 Corporate Blvd, N.W., Boca Raton, FL 33431
%D 1996
%E n/a
%G 0-8493-8158-4
%I CRC Press, INC
%O U$49.95
%P 228 p.
%T "Investigating Computer Crime"
Chapter 1 - "Computer Search Warrant Team": Chapter one starts out quickly
and to the point. In this three page chapter, the authors outline the six
groups that make up a computer search warrant team: supervisor, interview
team, sketch/photo team, physical search team, security/arrest team, and
technical evidence seizure team.
Chapter 2 - "Computer-Related Evidence": A detailed list of types of
evidence that can be found at a subject's location. The chapter lists
types of evidence, shows where each might be found, gives examples, and
includes pictures. Unfortunately, the common stereotyping of hackers
begins here, which may distract the reader from the facts.
Chapter 3 - "Investigative Tool Box": Every investigative team should
carry a toolkit to effectively perform its duties. The advice and
recommendations in this chapter seem to focus on MSDOS and Win 3.1
systems. The programs and software listed tend to be Windows based
commercial programs. Little mention is made of OS/2, UNIX, or more
obscure OSs.
Chapter 4 - "Crime Scene Investigation": Each investigation must go
through certain steps to be effectively completed, starting with scene
evaluation and ending with "completing the search". This chapter goes step
by step through the required process.
Chapter 5 - "Making a Boot Disk": Once again, this chapter seems to focus
on MSDOS based systems. Those investigating Unix or NT systems will not
benefit from the information here. Since a majority of systems are now
Windows 95, NT, or Unix, this chapter could use a second version.
Chapter 6 - "Simple Overview of Seizing a Computer": Chapter six is
nothing more than a three page checklist overview of the steps in seizing
a computer. Unfortunately, it doesn't go into much detail or prepare the
reader for uncommon occurrences.
Chapter 7 - "Evidence Evaluation and Analysis": Once the material has been
collected from the subject computer, the long process of examining the
files begins. Covering the different types of files like spreadsheets,
databases, or graphics, this chapter focuses on DOS or Win based
computers.
Chapter 8 - "Investigating Floppies": Much like the previous chapter, this
one applies to any floppy disks seized under a warrant.
Chapter 9 - "Common File Extensions": A three page list of common file
extensions. Aside from the duplicate entries (like 'gif'), there is a
noticeable lack of other extremely common extensions like 'tar', 'gz', or
'arj'.
Chapter 10 - "Passwords and Encryption": While covering passwords and
elements of good password security, the chapter falls very short on
practical encryption. Someone new to investigating computer crime is
likely to walk away thinking that encryption will not be a big hurdle when
encountered. Rather than cover more on PGP, CFS, or SFS, the chapter goes
into BBS passwords, Quicken, Word Perfect, and similar programs.
Chapter 11 - "Investigating Bulletin Boards": Clearly the base of the
authors' experience, this chapter goes into detail on BBSs, their
operation, finding them, and more. Along with some information on the
elements of a BBS, suggestions are made for the L.E. officer poking around
new BBSs. Guidelines for investigators trying to infiltrate a BBS are
given, but the concept of fitting in seems to fall short.
Chapter 12 - "'Elite' Acronyms": The mere existence of this chapter, along
with its short list, suggests the authors don't fully grasp the depth of the
'underground' scene. While listing some obscure groups I have personally
never heard of, they leave off well known and overused acronyms common
within the scene.
Chapter 13 - "Networks": Perhaps one of the more concise chapters, this
section gives a good summary of networks, network devices, and network
operating systems. Understanding networks is the key to properly
investigating.
Chapter 14 - "Ideal Investigative Computer Systems": Though written in
1996, the recommended systems for investigators outlined here seem
appropriately detailed. However, while the outline does provide a decent
foundation for new investigators to work from, it seems rather
short-sighted.
Chapter 15 - "Court Procedures": Often one of the more elusive and more
misunderstood components of a computer crime investigation, the court
procedures are often the most critical. This chapter touches on expert
witnesses, pretrial preparation, terminology, and more.
Chapter 16 - "Search Warrants": By citing case law and specific examples
the authors have encountered, the chapter gives good coverage of the types
of search warrants and the differences between them. Included in the
chapter are sample warrants from previous cases to give the reader a solid
idea of what they encompass.
Overview: For someone new to investigating computer crime, this is the
ideal book. Not only does it cover most aspects of an investigation, it
does so by providing examples and pictures for reinforcement. To the
experienced investigator, the book may fill in a few small gaps or bring
to light a new element previously overlooked. Lastly, to anyone working on
cases involving Unix or the Internet, this book is not for you.
review by: jericho@dimensional.com
-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
Received on Thu Mar 11 17:20:05 1999