Browse archive

Latest news

Microsoft to pay up to 150k for vulnerabilities

(IN)SECURE Magazine issue 38 released

Collected data helped foil 50 terrorist plots, says NSA chief

65+ websites compromised to deliver malvertising

Customized spam uses cell phone users’ data against them

Facebook once again accessible via Tor

Oracle releases critical security updates for Java

Employees biggest IT threat to businesses

Google asks secret court permission to publish FISA numbers

Failed backups endanger revenue and productivity

How to detect hidden administrator apps on Android

CyanogenMod founder aims to thwart data-grabbing apps

Hacking charge stations for electric cars

The Basics of Digital Forensics

by Zeljka Zorz - Thursday, 15 March 2012.

Author: John Sammons
Pages: 208
Publisher: Syngress
ISBN: 1597496618

Introduction

Computers, mobile devices and the Internet have become an integral part of our daily lives. They are helpful tools, but they are also sources of information that one would not necessarily like to share with everybody. With privacy becoming an increasingly urgent concern as years go by, every computer technology user should know a bit about what can be extracted from various devices - no matter which side of the inquiry he might find himself on.

About the author

John Sammons is an Assistant Professor at Marshall University in Huntington, West Virginia. He teaches digital forensics, electronic discovery, information security and technology. He is also the founder and Director of the Appalachian Institute of Digital Evidence, and routinely provides training for the legal and law enforcement communities in the areas of digital forensics and electronic discovery.

Inside the book

Every time I open a book for beginners - and especially when the topic is more than familiar to me - I must first pause a bit and adjust my way of thinking. Personally, I don't mind reading such books, as I'm often pleasantly surprised at how much I actually know, but that is just it - I have to constantly keep asking myself: "If I didn't already know this, would this explanation be adequate?"

"The Basics of Digital Forensics" is a relatively short book that doesn't go in depth - things I consider definite qualities in books for beginners.

The book explains the notion of digital forensics and how it's used, how computers (especially Windows-based) create and store digital information, introduces basic tools for performing various tasks and the processes for collecting evidence.

It explains the processes and tools used for recovering deleted evidence, touches the subject of privacy laws (unfortunately, only those in the US), and then concentrates on methods of collecting digital evidence from the Internet, email, networks and mobile devices.

Finally, it ends with a short chapter on two technologies that will hugely impact the field of digital forensics: cloud computing and solid state hard drives. The problem is that data stored in these places can be technically or legally unrecoverable, and it's still difficult to tell how this issue will be solved.

The author does a good job in keeping the book "light": he doesn't use overly technical language, the explanations are simple and very concise, he doesn't get bogged down in unimportant minutiae.

Throughout the text, he does mention some advanced techniques, but keeps it very short and then provides a source for the material for those who are interested in more. Also very helpful are the occasional "Alert" text boxes.

Final thoughts

"The Basics of Digital Forensics" is extremely easy to read and understand, and tackles the topic in a very broad manner. All in all, it's a perfect book for those who are interested in the subject and for gauging whether they might be interested in finding out more about it in the future.