Tell Me Something I Don't Already Know
Littlejohn Shinder writes a fairly topical analyses of various facets of cybercrime -including several- what can only be described as Computers 101 sections but if you're a typical n00b then it will all seem like a glorious epiphany. In Ch 4 she gets a little on the didactic side where she attempts to debunk the various stereotypes and cliched mindsets associated with the hacking community but she falls far short of any real insight.
Don't bother reading this book if you have even a modicum of tech savvy - the writer won't be telling you anything that you don't already know or figured out for yourself hands on. BTW, most of the URLS provided as reference in this book are 404, which is only to be expected given its 2002 publication date, however I include the comment here in this review because if you're like me, then you like to check out the resources the writer used.
Lastly, by no stretch of the imagination should this title be considered a computer forensics book. The only audience that will consider said title as such are executive officers and marketing types who don't have a clue.
Handy little book
Overall, a very good book.
At times, tries to be too much to too many.
But good info.
Neither Fish Nor Fowl
This is a tough book to review as it tries to speak to two very different audiences -- corporate information security and law enforcement professionals.
The corporate information security professionals will find the technical details misleading and over simplified but will definitely benefit from the detailed discussions of proper process and procedure.
The author leverages her experience as a police officer and academy instructor to good effect in educating us on the viewpoint of the law enforcement community and the requirements we must meet in collecting and preserving admissible evidence.
My advice would be to VERY lightly skim the "technical" material on vulnerabilities, exploits and defenses while reserving detailed reading for the material dealing with process and procedures as well as the logistics for involving and interacting with law enforcement.
So very good on so many levels...
I'm currently in the middle of the book Scene Of The Cybercrime by Debra Littlejohn Shinder, but I decided to do a review right now. This is a really good book on a number of levels...Most books on computer and network security are written for the techie trying to secure their assets from outside attack. Obviously, there's a huge need for that information. But it seems that there is virtually nothing written from the law enforcement perspective on computer security. That's a major problem in two ways... For one, there are too few law enforcement personnel that understand exactly what cybercrime is and how it can be detected, fought, and prosecuted. That's probably the audience that would benefit most from this book. Second, most technical personnel don't know what to do in order to successfully build a case and prosecute an attacker once an intrusion has occurred. That's the other audience that will gain the most from reading Shinder's work.
The book includes the following chapters: Facing the Cybercrime Problem Head On; Reviewing the History of Cybercrime; Understanding the People on the Scene; Understanding Computer Basics; Understanding Network Basics; Understanding Network Intrusions and Attacks; Understanding Cybercrime Prevention; Implementing System Security; Implementing Cybercrime Detection Techniques; Collecting and Preserving Digital Evidence; Building the Cybercrime Case
The hardcore network security administrator will probably already know most of the information in the "Understanding..." chapters. But unless they are adept or experienced in forensic analysis, the last three chapters will be crucial information for them. Without the knowledge of how to preserve evidence, there's a good chance that you'll never have the satisfaction of seeing your attacker prosecuted. Higher level managers of a corporate security department will find all of this information useful, as they may not be as hands-on as the administrators and may not understand what threats and risks are present in today's environment.
From the law enforcement perspective, it's all good. Fighting cybercrime is so different than regular law enforcement. This is the perfect volume to give the budding cybercop all the information they need to get up to speed with how crime is conducted electronically. I would recommend that this book be required reading for law enforcement and prosecution personnel.
The book is well written with plenty of real-life examples of criminal activities and legal scenarios. It's one of the most engrossing technical reads I've had in awhile. A definite recommended read...
Generic Information Security reading.
Hi,
This book covers all aspects of information security but the title of the book is kind of misleading as the book only has 2 chapters that talk about anything close to Forensics.
Would recommend this book to someone who is new to Information security . This ones certainly not a Forensics book .
