There are many books addressing the subject of computer forensics out there, but this tome is one of the rare ones that approaches cybercrime investigations in a holistic manner, i.e. combines the investigative strategies of digital forensic examiners and those of the case investigators.
About the author
A former law enforcement officer, Brett Shavers is a Digital Forensics Practitioner, expert witness, and Adjunct Instructor for the University of Washington Digital Forensics program.
Inside the book
The main problem with digital crimes is the problem of attribution - how to discover who committed the crime, and how to prove, without a shred of a doubt, that the suspect is guilty.
This book is a guide on how to do it, and the author, although touching on the subject of software and hardware needed for the investigation, puts the main focus on the investigator's mindset and ideas.
Although electronic evidence can be circumstantial or direct, the thing that investigators should keep in mind is that, in the end, such evidence will be presented to a judge or jury that will likely have problems with grasping technical intricacies, so they need to present it in a manner that will be understandable to everyone.
The book starts with an introduction to digital evidence collection, and the various approaches to it depending on the status of the target system. It touches very briefly on the issue of data collection from seized smartphones and cellular devices.
Chapter 2 deals with the intricacies of "high-tech" questioning of suspects, victims and network admins, and contains a massive set of questions with which to thoroughly debrief them (if they can be persuaded to speak). The next one addresses the strategies for physical investigation and electronic surveillance, and the one after details digital investigative techniques.
Chapter 5 addresses the problem of putting the evidence together in a structured manner and forming correct conclusions, gives tips on methods of compiling information to weed out irrelevant data and develop a suspect list, and explains how to avoid potential bouts of "blindness" due to overexposure to the material.
Chapter 6 deals with the cataloguing of evidence (and helpful tools for doing it right) and the analysis of this material, and the next one with methodologies of case presentation (to a variety of audiences).
The last part of the book offers cheat sheets, visual and investigative aids, and checklists, addresses online investigation, and finishes with interesting case studies (Paul Ceglia vs. Zuckerberg and Facebook, the FBI anthrax investigation, and many, many more).
This book offers a complete picture of a cybercrime investigation, and with the author's clear and interesting writing, it manages to give aspiring digital forensic investigators a good idea of what such a job entails when working with law enforcement. It's a very easy and engaging read.