Hacking Exposed: Computer Forensics Secrets & Solutions (2nd edition)

Aaron Philipp, David Cowen and Chris Davis

Published by






Reviewed by

Nick Dunn


8 out of 10

This updated edition provides the reader with the technical knowledge required to carry out an investigation, along with some very helpful practical advice on following correct processes, securing evidence and complying with legal requirements (admittedly with a US bias).

The book starts with a couple of chapters concerned with protecting the investigator’s credibility when testifying. A nice touch is a chapter giving a comprehensive summary of IT fundamentals, which is provided for revision purposes the day before taking the stand to prevent attempts to discredit the investigator with pedantic questions about the mechanics of hard disks, file partitions in MS-DOS and so on. The chapter following this explains how to properly secure all evidence to prevent tampering and spoiling and to allow the investigator to testify with full confidence that they are presenting forensically sound evidence.

The main section of the book is the most technical and consequently of the most interest to the more technical reader. It deals with the collection of evidence from a variety of machines including Macs, PCs, Linux machines, enterprise servers and mobile devices. It gives comprehensive coverage of techniques and tools to isolate and recover information and to retrieve ‘deleted’ data.

Sections concerning the justice system and criminal law related to IT contain vital knowledge for a forensics practitioner, but any reader in the UK would need to supplement their knowledge using other sources, as the book is written for a US audience. This is understandable when viewed in terms of the size of the respective markets; however, it does reduce the value of the book to readers based in the UK.

While all the advice given is very good and very comprehensive, the reader should be advised that it would be unwise, to say the least, to attempt to carry out a forensic investigation solely under the instruction of this book, without additional training and support.

May 2010