***** Computer Forensics: Computer Crime Scene Investigation, Second Edition. By John Vacca; published by Charles River Media, www.charlesrivermedia.com; available from amazon.com (Web); 832 pages; $32.97 (from amazon.com).
Author John Vacca’s considerable erudition on computing, networking, and IT security is apparent in this encyclopedic 832-page work. While experts in the field will likely get a lot of value out of the book, the content and presentation make this a difficult read for beginners or security generalists.
Vacca covers the major areas of computer forensics and devotes a huge portion of his book to information warfare. Few topics in computer or network security remain untouched. The book offers lengthy sections of helpful checklists, case studies, and answers to test questions found at the end of each chapter. In the hands of a security specialist in computer forensics or an avid technophile, these reader aids can be edifying and valuable.
For novices or general security practitioners, on the other hand, the information can be bewildering. The information is too detailed and complicated for beginners. It would have been nice, for instance, had Vacca gone step by step into what slack space on a hard drive is and how it can be identified and read. But the information is well suited for a sophisticated audience.
A more serious problem is that the book casts too broad a net, pulling in all sorts of interesting but peripheral information. Information warfare can be fascinating, but is practical mainly for military strategists. How many security professionals—or for that matter experts in computer forensics—actually participate in hardcore information warfare?
Another concern is the accompanying CD-ROM. In encyclopedic works such as this, the reader can fairly expect a hyperlinked version of the main text, along with supplemental material. On this disk, however, the reader finds a few publications, promotional brochures, and demo software from computer-forensics vendors. Even this material could have been more useful had the publications and software been grouped by topic, rather than vendor.
Even somewhat experienced forensics experts might have quibbles about some of the information on the CD. One checklist item states: “Mathematically authenticate the information discovery file or files.” Is Vacca talking about Cyclical Redundancy Checking or mathematical hashing like MD5? This may be obvious to experts, but not to anyone else.
>Instructors in computer forensics at the undergraduate or graduate level may judiciously apply this work as part of a course of training as long as they reinforce it with step-by-step classroom learning. Experts will, as mentioned, find the book useful as well, both as a reference and as a resource for certification exams. Beginners and generalists should start elsewhere.p>
Reviewer: Ronald Mendell, CISSP (Certified Information Systems Security Professional), is a freelance writer on security and investigative issues, currently working for a high-tech company in Austin, Texas. He holds a master’s of science degree in network security and is a member of ASIS International.