InfoSec Reviews – Digital Forensics for Network, Internet, and Cloud Computing

Reviewer Name: John Hughes

Reviewer Qualifications: CLAS, ITPC, M Inst ISP, ISO 27001 Lead Auditor, GCFE, MBCS

Book Title: Digital Forensics for Network, Internet, and Cloud Computing

Subtitle: A Forensic Evidence Guide for Moving Targets and Data

Author(s): Terrence V. Lillard, Clint P. Garrison, Craig A. Schiller, James Steele

Publisher: Syngress (The title is out of print with no plans for a new edition)

Date of Publishing: 2 July 2010

ISBN(13): 9781597495370

Price (UK & US price – full price, not discounted price): £42.99, $69.95

Kindle (UK & US): £20.20, $33.11

URL of Publisher Site: Syngress

URL of Amazon UK web page: Digital Forensics for Network, Internet, and Cloud Computing: A Forensic Evidence Guide for Moving Targets and Data

URL of Amazon US web page: Seems in the US – only kindle version available!

URL of Amazon US web page: Digital Forensics for Network, Internet, and Cloud Computing: A Forensic Evidence Guide for Moving Targets and Data

Another book that has in its title a theme of virtualization or cloud computing – but in reality this book is primarily about network forensics, in which, it’s my opinion, it does quite a reasonable job.  However, it does have a number of shortfalls, but more on that later.

The book consists of 368 pages, divided into six parts with a total of 13 chapters.  Part 1 sets the scene.  Part 2 then goes on to describe how to capture network traffic and evidence.  In particular, it describes a number of the key tools in network analysis, including tcpdump, Wireshark, Fiddler and Snort.  Part 3 shows how to analyze evidence with open source software.  However, and quite bizarrely, the first chapter in this section describes the TCP protocol.  Surely one should describe this before delving into the intricacies of Wireshark?  Part 4 goes on to describe a number of commercial network forensics applications, namely NetWitness Investigator and SilentRunner.  Part 5 provides guidance to the forensics investigator on how to make a case, including incorporating network forensics into incident response plans and admissibility requirements.  Part 6 concludes the book by looking at the future of network forensics.  Chapter 12 in this section is about the future of cloud computing – a total of just 20 pages!  One has to ask oneself whether having just 20 pages on this subject deserves “Cloud Computing” to be in the title?

So, what of the shortfalls?  Given that many network attacks are web-based, I wished it had provided an overview of the HTTP protocol and the various techniques in session management (e.g. cookies) and attacks against it (e.g. XSS).  It did quite a good job in providing an overview of TCP/IP; however, the book would have been so much better if it had included an overview of HTTP, as well as some of the types of web attacks one could encounter.  The quality of the book, in places, was not to the level I would have expected.  There were a number of screenshots that were unreadable.  In addition, the book was very inconsistent in having a reference section.  A number of chapters had a very long and complete reference section, while a few chapters had no reference section at all, yet it was obvious that they required one.  Poor screenshots and a lack of references seem like laziness on behalf of the author and publisher.

As a result of these problems with the book, I only gave it a score of 3.  However, it would not have taken much to attain a score of 4, with just a little additional care and attention from the author and publisher.

Although this book disappointed me, I still think it is a valuable addition to a forensics investigator’s bookshelf, especially if the investigator is not so familiar with the mysterious world of networking.  However, I would advise any person wanting to get into this field to read a number of more detailed books describing the key open source tools in this area, namely, Wireshark, nmap and Snort.  Definitely don’t expect this to be a book on the issues around Cloud Forensics.

Marks: 3 out of 5

***