
CyberForensics
brothke writes "CyberForensics: Understanding Information Security Investigations is a new book written by a cast of industry all-stars. The book takes a broad look at cyberforensics with various case studies. Each of the book's 10 chapters takes a different approach to the topic. The book is meant to be a source guide to the core ideas on cyberforensics." Read on for the rest of Ben's review.
The book notes that there is a cohesive set of concepts that binds cybersecurity investigators to a shared vision, of which it tries to be a source. But at 150 pages, while all of the chapters are well-written and enlightening, the book does not have the breadth and depth needed to be a single source of all things cyberforensics.
CyberForensics: Understanding Information Security | |
author | Jennifer Bayuk (Editor) |
pages | 167 |
publisher | Humana Press |
rating | 8/10 |
reviewer | Ben Rothke |
ISBN | 978-1607617716 |
summary | New book written by a cast of industry all-stars |
Jennifer Bayuk is the book's editor, who also wrote the introduction. I reviewed two of Bayuk's books on this site, Stepping Through the InfoSec Program and Enterprise Security For the Executive. Bayuk's introduction provides a historical background to the subject and puts things into context. The chapter uses a fantastic visual tool to explain the complete cyberforensic framework.
Chapter 2 is about the Complex World of Corporate CyberForensics Investigations, and does a good job of detailing the various elements involved in getting various corporate departments integrated during an investigation. IT in an enterprise setting is fraught with challenges. Performing a forensic investigation in enterprise IT is even more challenging. Often these groups have different agendas and react quite differently to a forensic event. The author uses the analogy of a puzzle, which can be complex to put together, but is challenging and necessary nonetheless.
Many of the chapters take a broader view of the topic, while others are quite detailed. Perhaps the best chapter in the book is chapter 6 – Analyzing Malicious Software from Lenny Zeltser. The chapter is an outgrowth of Zeltser's SANS Security 569 course on the topic. The chapter's use of a case study to detail the behavioral analysis of malicious code provides an excellent synopsis of how to analyze and debug malicious code.
Chapter 7 on Network Packet Forensics from Eddie Schwartz is another exceptional chapter that provides the reader with a walk-through of using various digital forensic inputs to solve an incident.
Chapter 10 on Cybercrime and Law Enforcement Cooperation is about how to interface with law enforcement during a cyberforensic investigation. This may be the Achilles heel of forensics, in that getting external cooperation is difficult at best, and often impossible. A recent example of this is a friend of mine who had detailed information about the source of the Stuxnet worm. He attempted to share the information with law enforcement without much success. The various organizations were not receptive to it and didn't take action on his well-researched claims.
The book is written for an experienced practitioner who wants an overview of current trends. This is not a "for dummies" type of book. Readers are expected to be comfortable with varied topics such as Wireshark packet capture, code analysis, investigations, and more. Those looking for an introduction to cyberforensics should definitely consider another title such as Computer Forensics for Dummies.
A problem with books of collaborations such as this is that they often lack a consistent stream of thought. This book suffers from that, but to a limited degree. It is impossible for ten different authors writing about the same subject not to have different styles. An example of that is the use of the spelling of both CyberForensics and Cyberforensics in the book.
At 150 pages, the book is a relatively quick initial read, and covers numerous interesting areas.
The only downside to the book is that it has a prohibitive list price of $189.00. A month after its release, that price may be the reason why it has an Amazon Bestsellers Rank of #1,399,835.
While the book has excellent content, its exorbitant price will simply ensure that its sales will be eclipsed by the Pocket Oxford Latin Dictionary, coming in way ahead with an Amazon Bestsellers Rank of 182,392.
Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.
CyberPriceGouging (Score:4, Funny)
Re: (Score:2, Informative)
Costs more $ than it has pages, LOL!!
Re: (Score:2)
We now return to the very recent slashdot story about the epic fail of college bookstores trying to charge more per page than the college library charges for photocopying service.
All they need to do is add enough fluff to get the book below 10 cents per page. Aren't editors good for anything anymore? If the dumbest spammers can figure out how to insert nonsense into email spam, how come book editors can't figure it out?
Re: (Score:1)
Re: (Score:2)
nope, inkjet ink! 8000 a gallon!
So they printed it white on black?
Re: (Score:3, Insightful)
Must be a college textbook. They'll really rape you on those.
Re: (Score:2)
this isn't a set of lock picks, an assault rifle or a hazardous chemical, it's something that can be digitised and distributed pretty easily, and at 150 pages even in a huge pdf it'd probably take between 5 and 10 seconds on a slow broadband link.
so the idea that the "good" guys are going through training programs the "bad guys" aren't privy to the informatio
Re: (Score:1)
Well, it did receive the highly coveted and unique 8 out of 10 review score on Slashdot...
I keed, I keed :-)
Re: (Score:3, Informative)
Cyber? Really? (Score:2)
Re: (Score:2)
Re: (Score:2)
Oh, it's technology, just 1940s technology. I think laundry "soaps" have been sulfonate detergents since the earliest days of the baby boom at the latest.
Re: (Score:2)
Alkali metal salts of fatty acids were new once. Before that it was just water, maybe with some herbs in it - IIRC lavender gets its name because it's a mild detergent.
So in a way everything's "technology", even a sharpened rock. Therefore nothing is, and the term is meaningless.
Re: (Score:2)
Any term or word tagged with the prefix "cyber" reeks of ignorance and opportunism. So thanks but no thanks, for this book.
That is a disingenuous statement (or perhaps a bit snobbish).
Or perhaps you never heard the adage, "Never judge a book by its cover."
If you had been open-minded and fair, and genuinely interested in the subject matter (rather than making a juvenile comment), you would have taken the time to look at the free preview provided by Amazon, in particular the Foreward, you would have discovered their reasoning (emphasis added):
Cyberforensics is a fairly new word in the technology [of***] our industry, but one that nevertheless has immediately recognizable meaning. Although the word forensics may have its origins in formal debates using evidence, it is now closely associated with investigation into evidence of crime. As the word cyber has become synonymous with the use of electronic technology, the word cyberforensics bears no mystery. It immediately conveys a serious and concentrated endeavor to identify the evidence of crimes or other attacks committed in cyberspace.
*** Oh, for goodness sake, a typo in the first sentence of a $189 book!
Re: (Score:2, Funny)
Use of electronic technology, eh? In that case, I, a cyberuser here on this cyberwebsite, am glad this cyberreview was posted today. I and other cyberusers can make cybercomments in this cyberdiscussion about the cyberreview. We can even benefit from the cybermoderation system that allows cybermoderators to cybermod cyberposts up and down.
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
Oh, for goodness sake, a typo in the first sentence of a $189 book!
It's only $189 instead of $190 for a reason, you know.
Re: (Score:2)
Re: (Score:2)
Did they call it that, or have you just been hoist with your own petard?
Re: (Score:2)
Re: (Score:2)
I was about to say that the military also use the term, but I guess you have that covered with "ignorance" :)
Re: (Score:2)
Look on the bright side - at least it's not an e-i-nano-mashup, and it doesn't have 2.0 on the end. That'd be so exponentially annoying it would literally make my head explode.
ECONOFORENSICS (Score:2)
Perhaps I will just download a cybercopy with LimeWire. Oh wait.
Re: (Score:2)
A very controversial field (Score:3, Funny)
Re: (Score:1)
At that price, the book hardly can make a contribution to public debate.
Grammar Police (Score:1)
Re: (Score:1)
Re: (Score:2)
The book notes that there is a cohesive set of concepts that binds cybersecurity investigators to a shared vision, of which is tries to be a source to.
(My emphasis...)
Paging David Caruso (Score:4, Funny)
Ah, the Internet... where men are men, women are men...
(puts on glasses)
... and children are FBI agents.
Re: (Score:1)
Ah, the Internet... where men are men, women are men...
(puts on glasses)
... and children are FBI agents.
Well, do not exaggerate! There are also pleasant exceptions.
OmgWtfCamelCase (Score:1, Funny)
iDon't earn enough CyberMoney to e-waste it on this NetBook.
Price due to 13 authors; more of a White Paper (Score:3, Insightful)
Given that the list of contributors includes 13 industry experts in this field, it is grossly unrealistic to expect this book to retail for the normal $34.95 (or whatever the normal price is). I don't know what the net profit is for a $34.95 book, but consider: would you be willing to invest YOUR time for just 1/13 of it? I wouldn't.
In terms of pricing and content, one should thus consider this more of a White Paper.
I for one am delighted at this collaboration -- each expert given an opportunity to write about their specialty.
Otherwise (individually) they could not (or more likely, would not) have written a book on their own.
Re: (Score:3, Insightful)
but consider: would you be willing to invest YOUR time for just 1/13 of it? I wouldn't.
Yet they only did 1/13th of the work... seems fair.
Also, the vanity press market-segment disagrees with your assessment that no "expert" would write a book for free.
In terms of pricing and content, one should thus consider this more of a White Paper.
Isn't marketing spam supposed to be free?
Re: (Score:2)
Yet they only did 1/13th of the work... seems fair.
Yes; I realized that afterward.
I am not familiar with the "vanity press market-segment" so I have no comment.
Isn't marketing spam supposed to be free?
I have not seen the actual content so I can't comment on this. Have you seen the content? And if not, why would you presume it's marketing spam?
Re: (Score:2)
Re: (Score:2)
Forward? Foreward?
Good one! "Forward by Amit Yoran" HA!
Yes, this book is riddled with typos.
You ask and you receive (Score:1)
"A consistent stream of thought" (Score:2)
A problem with this reviews is it lacks a consistent stream of thought. I know that this is
I call "bullshit!" on Amazon! (Score:2)
The original review had the Amazon Bestsellers Rank at #1,399,835.
Earlier today when I looked at the rating it had gone down to #1,6xx,xxx
And just now when I looked at it, it's at #40,592 !
What changed? Well, a review by brothke was posted at the site (four stars) and /. readers had simply looked at the page.
I call "BULLSHIT!" on Amazon!
Google says 450 pages (Score:2)
I'm not sure where they got their page count info from. Google shows it is 450 pages long:
Google Shopping [google.com].