Book Review: Computer Investigation by Elizabeth Bauchner

Who is the target audience for this book?

Make no mistake. This book is not targeted for computer professionals. If you have a degree in Computer Science or just know a lot about computers, you won’t learn anything from this book. This book is targeted to children in the middle school age group, but it would also be a good introductory book for adults.

That said, what does the book talk about?

What is the science of computer forensics?

Computer forensics is a two-part process. First, data is retrieved and then the data is used. It is different from other forensic sciences because the data usually stands on its own and does not need to be interpreted.

What are the many duties of a computer forensics technician?

While doing their job, computer forensic specialists must preserve evidence, not introduce viruses or worms into a system, handle data properly, keep evidence within the chain of command, reduce the impact of the system’s analysis on any businesses affected, and make sure privileged information is not divulged.

Following those rules, computer forensic professionals find hidden files, swap files, and temp files used by the operating system and by applications. They access these files and protected and encrypted files, searching for information relevant to the case. They analyze the data found, especially in areas normally considered inaccessible. They perform an over all system analysis and list all relevant files. They provide an opinion of the system’s layout and who authored which files. They make notes of attempts to delete or protect files, and they provide expert testimony and/or consultation in court as needed.

The book gives definitions for commonly used words, or jargon, in the industry.

A hacker is someone who is really interested in a piece of technology and learns all possible about the technology.

A cracker is someone who uses their hacker knowledge for bad.

Hackers are white hat, and crackers are black hat hackers.

A phreaker was a person who scammed the telephone company to get free long-distance calls.

Spoofing is mimicking a website (or an email) so the receiver thinks the sender is someone else.

Phishing is trying to get information from people, like their user accounts and passwords, and social security numbers.

A virus is a program, attached to another program, that infects a system when the program is opened. The virus can’t do anything unless the program is opened and ran.

A worm is like a virus, but it can replicate itself without other programs being opened.

A Trojan horse is a program that pretends to be a different kind of program.

Denial of Service (DoS) is when a cracker tries to prevent a system from being accessible by its normal users.