
CyberForensics

samzenpus posted more than 3 years ago | from the read-all-about-it dept.

Book Reviews 58

brothke writes "CyberForensics: Understanding Information Security Investigations is a new book written by a cast of industry all-stars. The book takes a broad look at cyberforensics with various case studies. Each of the book's 10 chapters takes a different approach to the topic. The book is meant to be a source guide to the core ideas on cyberforensics." Read on for the rest of Ben's review.

The book notes that there is a cohesive set of concepts that binds cybersecurity investigators to a shared vision, of which it tries to be a source. But at 150 pages, while all of the chapters are well-written and enlightening, the book does not have the breadth and depth needed to be a single source of all things cyberforensics.

Jennifer Bayuk is the book's editor, who also wrote the introduction. I reviewed two of Bayuk's books on this site, Stepping Through the InfoSec Program and Enterprise Security For the Executive. Bayuk's introduction provides a historical background to the subject and puts things into context. The chapter uses a fantastic visual tool to explain the complete cyberforensic framework.

Chapter 2 is about the Complex World of Corporate CyberForensics Investigations, and does a good job of detailing the various elements involved in getting various corporate departments integrated during an investigation. IT in an enterprise setting is fraught with challenges. Performing a forensic investigation in enterprise IT is even more challenging. Often these groups have different agendas and react quite differently to a forensic event. The author uses the analogy of a puzzle, which can be complex to put together, but is challenging and necessary nonetheless.

Many of the chapters take a broader view of the topic, while others are quite detailed. Perhaps the best chapter in the book is chapter 6 – Analyzing Malicious Software from Lenny Zeltser. The chapter is an outgrowth of Zeltser's SANS Security 569 course on the topic. The chapter's use of a case study to detail the behavioral analysis of malicious code provides an excellent synopsis of how to analyze and debug malicious code.

Chapter 7 on Network Packet Forensics from Eddie Schwartz is another exceptional chapter that provides the reader with a walk-through of using various digital forensic input to solve an incident.

Chapter 10 on Cybercrime and Law Enforcement Cooperation is about how to interface with law enforcement during a cyberforensic investigation. This may be the Achilles heel of forensics: getting external cooperation is difficult at best, and often impossible. A recent example of this is a friend of mine who had detailed information about the source of the Stuxnet worm. He attempted to share the information with law enforcement without much success. The various organizations were not receptive to it and didn't take action on his well-researched claims.

The book is written for an experienced practitioner who wants an overview of current trends. This is not a for dummies type of book. Readers are expected to be comfortable with varied topics such as Wireshark packet capture, code analysis, investigations, and more. Those looking for an introduction to cyberforensics should definitely consider another title such as Computer Forensics for Dummies.

A problem with books of collaborations such as this is that they often lack a consistent stream of thought. This book suffers from that, but to a limited degree. It is impossible for ten different authors writing about the same subject not to have different styles. An example of that is the use of the spelling of both CyberForensics and Cyberforensics in the book.

At 150 pages, the book is a relatively quick initial read, and covers numerous interesting areas.

The only downside to the book is that it has a prohibitive list price of $189.00. A month after its release, that price may be the reason why it has an Amazon Bestsellers Rank of #1,399,835.

While the book has excellent content, its exorbitant price will simply ensure that its sales will be eclipsed by the Pocket Oxford Latin Dictionary, coming in way ahead with an Amazon Bestsellers Rank of 182,392.

Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.

You can purchase CyberForensics: Understanding Information Security from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.


Hmm.. (0)

Anonymous Coward | more than 3 years ago | (#34040640)

lol

CyberPriceGouging (4, Funny)

Thinine (869482) | more than 3 years ago | (#34040682)

Holy shit, $189! Seriously, WTF? Is it printed in gold leaf?

Re:CyberPriceGouging (2, Informative)

Anonymous Coward | more than 3 years ago | (#34040776)

Costs more $ than it has pages, LOL!!

Re:CyberPriceGouging (1)

vlm (69642) | more than 3 years ago | (#34041154)

We now return to the very recent slashdot story about the epic fail of college bookstores trying to charge more per page than the college library charges for photocopying service.

All they need to do is add enough fluff to get the book below 10 cents per page. Aren't editors good for anything anymore? If the dumbest spammers can figure out how to insert nonsense into email spam, how come book editors can't figure it out?

Re:CyberPriceGouging (1)

perotbot (632237) | more than 3 years ago | (#34040830)

nope, inkjet ink! 8000 a gallon!

Re:CyberPriceGouging (1)

Abstrackt (609015) | more than 3 years ago | (#34041072)

nope, inkjet ink! 8000 a gallon!

So they printed it white on black?

Re:CyberPriceGouging (0)

Anonymous Coward | more than 3 years ago | (#34042944)

So they printed it white on black?

I've seen it happen... and the clueless person could not be convinced it was a bad idea.

Re:CyberPriceGouging (2, Insightful)

elrous0 (869638) | more than 3 years ago | (#34040834)

Must be a college textbook. They'll really rape you on those.

Re:CyberPriceGouging (0)

Anonymous Coward | more than 3 years ago | (#34041546)

Worse, it's a SANS certification course guide. Those can easily run into the hundreds. $189 is probably the cheapest (useful) book for that course.

The Certification training for Information Security is going the way of the Nortel phone systems. Proprietary material, proprietary terminology and a bevy of training programs that run into the thousands.

It's also the same idea behind the Rosetta Stone product line, there is no real competitor, and the service is in demand to individuals willing to pay the exorbitant prices associated with them.

The thing that it really does is it keeps the training programs that the "good" guys are going through out of easy reach of the criminal element. Though arguably books outside the price of what a professional would spend on themselves puts it out of the range of most Something/Security professionals since their training budgets are split between multiple topics. So treat this book as what it is, a book written by industry security professionals for industry security professionals.

Re:CyberPriceGouging (1)

inanet (1033718) | more than 3 years ago | (#34044508)

I imagine that a majority of those exorbitantly priced books are available for free download by the "criminal element" if you know where to look.

this isn't a set of lock picks, an assault rifle or a hazardous chemical, it's something that can be digitised and distributed pretty easily, and at 150 pages even in a huge pdf it'd probably take between 5 and 10 seconds on a slow broadband link.


so the idea that the "good" guys are going through training programs the "bad guys" aren't privy to the information in is really more bollocks than anything else.

either the "bad guys" invented what the book is discussing, or they won't have much trouble getting access to it.

Re:CyberPriceGouging (0)

Anonymous Coward | more than 3 years ago | (#34045110)

It's how the publishers justify the crap. Not the reality. I guess you've never been subjected to InfoSec religion.

Re:CyberPriceGouging (1)

decipher_saint (72686) | more than 3 years ago | (#34041364)

Well, it did receive the highly coveted and unique 8 out of 10 review score on Slashdot...

I keed, I keed :-)

Re:CyberPriceGouging (2, Informative)

timeOday (582209) | more than 3 years ago | (#34041746)

It's also available used, starting at $199.47 [amazon.com] .

The ONLY Core Guide Required : (-1, Troll)

Anonymous Coward | more than 3 years ago | (#34040702)

is to remove Crapware [www.microsoft] .

Go ahead and mod this guide to cyberforensics DOWN !

Yours In Minsk,
K. T.

Cyber? Really? (2)

losttoy (558557) | more than 3 years ago | (#34040706)

Any term or word tagged with the prefix "cyber" reeks of ignorance and opportunism. So thanks but no thanks, for this book.

Re:Cyber? Really? (0)

Anonymous Coward | more than 3 years ago | (#34040806)

amen

Re:Cyber? Really? (1)

$RANDOMLUSER (804576) | more than 3 years ago | (#34040908)

Have you noticed the recent trend in commercials to misuse the word "technology", too? Like "stain-fighting technology" and "odor fighting technology". Here's an idea: don't call it "technology" if it isn't!

Re:Cyber? Really? (1)

vlm (69642) | more than 3 years ago | (#34041184)

Oh, it's technology, just 1940s technology. I think laundry "soaps" have been sulfonate detergents since the earliest days of the baby boom at the latest.

Re:Cyber? Really? (1)

Hognoxious (631665) | more than 3 years ago | (#34099138)

Alkali metal salts of fatty acids were new once. Before that it was just water, maybe with some herbs in it - IIRC lavender gets its name because it's a mild detergent.

So in a way everything's "technology", even a sharpened rock. Therefore nothing is, and the term is meaningless.

Re:Cyber? Really? (1)

PatPending (953482) | more than 3 years ago | (#34040976)

Any term or word tagged with the prefix "cyber" reeks of ignorance and opportunism. So thanks but no thanks, for this book.

That is a disingenuous statement (or perhaps a bit snobbish).

Or perhaps you never heard the adage, "Never judge a book by its cover."

If you had been open-minded and fair, and genuinely interested in the subject matter (rather than making a juvenile comment), you would have taken the time to look at the free preview provided by Amazon, in particular the Foreward, you would have discovered their reasoning (emphasis added):

Cyberforensics is a fairly new word in the technology [of***] our industry, but one that nevertheless has immediately recognizable meaning. Although the word forensics may have its origins in formal debates using evidence, it is now closely associated with investigation into evidence of crime. As the word cyber has become synonymous with the use of electronic technology, the word cyberforensics bears no mystery. It immediately conveys a serious and concentrated endeavor to identify the evidence of crimes or other attacks committed in cyberspace.

*** Oh, for goodness sake, a typo in the first sentence of a $189 book!

Re:Cyber? Really? (2, Funny)

noidentity (188756) | more than 3 years ago | (#34041088)

As the word cyber has become synonymous with the use of electronic technology, the word cyberforensics bears no mystery.

Use of electronic technology, eh? In that case, I, a cyberuser here on this cyberwebsite, am glad this cyberreview was posted today. I and other cyberusers can make cybercomments in this cyberdiscussion about the cyberreview. We can even benefit from the cybermoderation system that allows cybermoderators to cybermod cyberposts up and down.

Re:Cyber? Really? (1)

Securityemo (1407943) | more than 3 years ago | (#34041310)

"Cyberwarfare" sounds good. That's basically the only reason you need to use a word. It doesn't matter that to computer geeks "Cyberspace" is a word only old people and small children would use, with exceptions for use in manga and anime. Guess what? Those top generals, statesmen and experts? Pretty old.

Re:Cyber? Really? (1)

noidentity (188756) | more than 3 years ago | (#34055698)

I used to dislike the e- prefix, but it's much preferable to cyber. email, OK. ebanking, OK. cybermail, NO. cyberbanking, NO.

Re:Cyber? Really? (1)

vlm (69642) | more than 3 years ago | (#34041238)

Oh, for goodness sake, a typo in the first sentence of a $189 book!

It's only $189 instead of $190 for a reason, you know.

Re:Cyber? Really? (1)

$RANDOMLUSER (804576) | more than 3 years ago | (#34041306)

I think he raises a valid point, since most of the recent talk of "cyberwarfare", "cybersecurity", even "cyberczar" and the like comes from either clueless government types or those trying to sell the government something.

Re:Cyber? Really? (1)

Hognoxious (631665) | more than 3 years ago | (#34099244)

you would have taken the time to look at the free preview provided by Amazon, in particular the Foreward

Did they call it that, or have you just been hoist with your own petard?

Re:Cyber? Really? (0)

Anonymous Coward | more than 3 years ago | (#34132976)

The book uses both Foreward and Forward (sic).

http://en.wikipedia.org/wiki/Foreword

Re:Cyber? Really? (0)

Anonymous Coward | more than 3 years ago | (#34040980)

Yes, Really. From Merriam-Webster

Definition of CYBER : of, relating to, or involving computers or computer networks (as the Internet)

It's an accepted prefix defined as to be involving computers and networks. So forensics working in the computer and network realm will be cyberforensics. And most importantly, it's the accepted term in the forensics community.

Get over yourself. Complain about the ridiculous price, but to dismiss the book because it is accurately named shows what a fool you are.

Re:Cyber? Really? (1)

Securityemo (1407943) | more than 3 years ago | (#34041258)

Unless, god forbid, the kind of people who get into information security generally are the kind of personalities who would use whatever words required to communicate with others.

Re:Cyber? Really? (1)

CarpetShark (865376) | more than 3 years ago | (#34041668)

Any term or word tagged with the prefix "cyber" reeks of ignorance and opportunism.

I was about to say that the military also use the term, but I guess you have that covered with "ignorance" :)

Re:Cyber? Really? (1)

Hognoxious (631665) | more than 3 years ago | (#34099224)

Any term or word tagged with the prefix "cyber" reeks of ignorance and opportunism.

Look on the bright side - at least it's not an e-i-nano-mashup, and it doesn't have 2.0 on the end. That'd be so exponentially annoying it would literally make my head explode.

ECONOFORENSICS (1)

cosm (1072588) | more than 3 years ago | (#34040816)

At that price, this good is so excludable they will have to use econoforensics to find the tard that would MSRP this book at that price-point. Perhaps they are shooting for the scholastic world, for what does price matter if it is required reading for a class (says the book publishers, anyways).

Perhaps I will just download a cybercopy with LimeWire. Oh wait.

Re:ECONOFORENSICS (0)

Anonymous Coward | more than 3 years ago | (#34040872)

I think you meant CyberLoad a CyberCopy with CyberTorrent on your CyberComputer.

Cybermen.

Re:ECONOFORENSICS (1)

cosm (1072588) | more than 3 years ago | (#34041986)

This means all virtualization instances shall now be referred to as "cybercybermachines".

A very controversial field (2, Funny)

HalAtWork (926717) | more than 3 years ago | (#34040896)

How do you get fingerprints from someone with a robot hand? Is it ethical to use data from enhanced memory storage devices connected to the brain if the cyborg it belonged to did not explicitly and voluntarily express the data? These questions and many more are asked every day in the field of Cyber Forensics. I appreciate that this book looks into these controversial topics, it helps that we're trying to anticipate these dilemmas in the hopes that we can resolve them before they are commonplace.

Re:A very controversial field (1)

t2t10 (1909766) | more than 3 years ago | (#34041252)

At that price, the book hardly can make a contribution to public debate.

Grammar Police (1)

K-tWizel (1724182) | more than 3 years ago | (#34040966)

"Each of the books 10 chapters..." should be "Each of the book's ten chapters..." .... just sayin'

Re:Grammar Police (1)

Nihixul (1430251) | more than 3 years ago | (#34041344)

Not to mention the following, "This may be the Achilles heel of forensics is that getting external cooperation is difficult at best, and often impossible."

Re:Grammar Police (1)

by (1706743) (1706744) | more than 3 years ago | (#34041648)

The book notes that there is a cohesive set of concepts that binds cybersecurity investigators to a shared vision, of which is tries to be a source to.

(My emphasis...)

Paging David Caruso (3, Funny)

schmidt349 (690948) | more than 3 years ago | (#34041042)

Ah, the Internet... where men are men, women are men...

(puts on glasses)

... and children are FBI agents.

Re:Paging David Caruso (1)

alanhhot (1928428) | more than 3 years ago | (#34075398)

Ah, the Internet... where men are men, women are men...

(puts on glasses)

... and children are FBI agents.

Well, do not exaggerate! There are also pleasant exceptions.

OmgWtfCamelCase (1, Funny)

Anonymous Coward | more than 3 years ago | (#34041120)

iDon't earn enough CyberMoney to e-waste it on this NetBook.

Price due to 13 authors; more of a White Paper (2, Insightful)

PatPending (953482) | more than 3 years ago | (#34041168)

Given that the list of contributors includes 13 industry experts in this field, it is grossly unrealistic to expect this book to retail for the normal $34.95 (or whatever the normal price is). I don't know what the net profit is for a $34.95 book, but consider: would you be willing to invest YOUR time for just 1/13 of it? I wouldn't.

In terms of pricing and content, one should thus consider this more of a White Paper.

I for one am delighted at this collaboration -- each expert given an opportunity to write about their specialty.

Otherwise (individually) they could not (or more likely, would not) have written a book on their own.

Re:Price due to 13 authors; more of a White Paper (2, Insightful)

vlm (69642) | more than 3 years ago | (#34041282)

but consider: would you be willing to invest YOUR time for just 1/13 of it? I wouldn't.

Yet they only did 1/13th of the work... seems fair.

Also, the vanity press market-segment disagrees with your assessment that no "expert" would write a book for free.

In terms of pricing and content, one should thus consider this more of a White Paper.

Isn't marketing spam supposed to be free?

Re:Price due to 13 authors; more of a White Paper (1)

PatPending (953482) | more than 3 years ago | (#34041440)

Yet they only did 1/13th of the work... seems fair.

Yes; I realized that afterward.

I am not familiar with the "vanity press market-segment" so I have no comment.

Isn't marketing spam supposed to be free?

I have not seen the actual content so I can't comment on this. Have you seen the content? And if not, why would you presume it's marketing spam?

Re:Price due to 13 authors; more of a White Paper (1)

Securityemo (1407943) | more than 3 years ago | (#34041528)

Yeah. Almost all of the security knowledge regarding attack methods and proposed defenses floating around in public is in the shape of white papers (or bad rehashes of original whitepapers). This isn't really obvious, I think, but if you just know the lingo used for different attacks you can just google for them. It's like a professional continuation of the text-files apparently common up to the early-mid nineties. I don't know if there's any actual sale of white papers inside the security industry, as I've never worked there, but outside of exploits/PoC and major tools like Core Impact it seems unlikely.

Re:Price due to 13 authors; more of a White Paper (0)

Anonymous Coward | more than 3 years ago | (#34041716)

My problem with this statement is "industry experts" are often times no smarter than masses of other people who have the same knowledge and insight but are not well known or do not enjoy celebrity status.

I think the bigger reason for the absurd price tag is the pool of potential buyers is assumed to be very small... But geeze the 173.72 price tag sort of makes that a self-fulfilling prophecy.

Re:Price due to 13 authors; more of a White Paper (0)

Anonymous Coward | more than 3 years ago | (#34041762)

[quote]would you be willing to invest YOUR time for just 1/13 of it?[/quote]

Since they only had to write 1/13 of a book, yes, I would expect that.

I would suspect that many of them could have lifted most of a paragraph from already-written papers or briefs they had produced, with minor edits.

Pricing a "summary of topic" book at $190 is the surest way to NOT make ANY money. :-)

Re:Price due to 13 authors; more of a White Paper (0)

Anonymous Coward | more than 3 years ago | (#34058486)

Chances are good they couldn't rehash old material. Somebody else already owned it. If another publisher buys your work you can't reuse it. Or something like that. They have the rights basically.

$189 for total lack of editing! (0)

Anonymous Coward | more than 3 years ago | (#34041486)

Forward? Foreward? "the technology our industry"? That's just in the first few pages!!! No purchase for you!

Re:$189 for total lack of editing! (1)

PatPending (953482) | more than 3 years ago | (#34041712)

Forward? Foreward?

Good one! "Forward by Amit Yoran" HA!

Yes, this book is riddled with typos.

GNAA (-1, Offtopic)

Anonymous Coward | more than 3 years ago | (#34041620)

that have raged learn w4at mistakes volume of NetBSD

Is this price in rupees or something?! (0)

Anonymous Coward | more than 3 years ago | (#34042150)

Talk about bend over...
The 13 industry experts contributed a grand total of less than 15 pages apiece.
And for that I should pay $189 bucks?!
There are several books out there that combine the input from several industry experts that cost less than half of this...Grey Hat Hacking comes to mind, as having several industry experts contributing, and it damn sure didn't cost 200 bucks!
Hell, most of the "Stealing the Network: How to own the..." books would fall under this multiple experts contributing type of work as well.
I have no problem forking over anywhere between 40 to 70 bucks for a well written book that contains good information, but at this price, and for this amount of information, I'll wait for an e-book version to show up on my favorite tracker.
This is just highway robbery, and they're guaranteed to make less money at this price point, than if they were just getting 1/13th of it at a much more reasonable cost.

Reads more like an advert than a review (0)

Anonymous Coward | more than 3 years ago | (#34042444)

And if it was one tenth of the price, I still wouldn't buy it. It's got "cyber" in the title. That means the authors or at least the editor is dangerously clueless or pandering to same, such as the n00bs in government. That's probably where the price comes from too.

You ask and you receive (1)

the_hellspawn (908071) | more than 3 years ago | (#34042456)

Computer Forensic book for dummies is here and titled Enterprise Security for the Executive:... located at Amazon too. This book also has a coloring book on the opposite page as the text. That way when in a meeting the Executive looks like they are 'hip' to IT Security, but inside it is full of fun.

"A consistent stream of thought" (1)

Random Data (538955) | more than 3 years ago | (#34042518)

"A problem with books of collaborations such as this is that they often lack a consistent stream of thought."
A problem with this review is it lacks a consistent stream of thought. I know that this is /., but I really have trouble taking a review seriously when the author can't string two sentences together without my having to reread due to a change in tense or subject. I'm certainly not going to buy a $180 book on the word of a review like this.

I call "bullshit!" on Amazon! (1)

PatPending (953482) | more than 3 years ago | (#34042716)

The original review had the Amazon Bestsellers Rank at #1,399,835.

Earlier today when I looked at the rating it had gone down to #1,6xx,xxx

And just now when I looked at it, it's at #40,592 !

What changed? Well, a review by brothke was posted at the site (four stars) and /. readers had simply looked at the page.

I call "BULLSHIT!" on Amazon!

Google says 450 pages (1)

jroysdon (201893) | more than 3 years ago | (#34046178)

I'm not sure where they got their page count info from. Google shows it is 450 pages long:

Google Shopping [google.com] .
