http://www.powells.com/cgi-bin/partner?partner_id=28327&cgi=product&isbn=0-8493-8158-4

Investigating Computer Crime

Franklin Clark, Ken Diliberto

0-8493-8158-4, 228 pages, CRC Press, INC

Chapter 1 - "Computer Search Warrant Team": Chapter one starts out quick and to the point. In this three page chapter, the authors outline six groups that make up a computer search warrant team. Supervisor, Interview Team, Sketch/Photo team, Physical search team, security/arrest, and technical evidence seizure team.

Chapter 2 - "Computer-Related Evidence": A detailed list of types of evidence that can be found at a subject's location. The chapter lists types of evidence, shows where it might be found, gives examples, as well as includes pictures. Unfortunately, the common stereotyping of hackers begins here which may distract the reader from the facts.

Chapter 3 - "Investigative Tool Box": Every investigative team should carry a toolkit to effectively perform their duties. The advice and recommendations in this chapter seem to focus on MSDOS and Win 3.1 systems. Programs and software tend to be Windows based commercial programs. Little mention is made of OS/2, UNIX, or more obscure OSs.

Chapter 4 - "Crime Scene Investigation": Each investigation must go through certain steps to be effectively completed. Starting with scene evaluation and ending with "completing the search". This chapter goes step by step through the required process.

Chapter 5 - "Making a Boot Disk": Once again, this chapter seems to focus on MSDOS based systems. Those investigating Unix or NT systems will not benefit from the information here. Since a majority of systems are now 95, NT, or Unix, this chapter could stand for a second version.

Chapter 6 - "Simple Overview of Seizing a Computer": Chapter six is nothing more than a three page checklist overview of the steps in seizing a computer. Unfortunately, it doesn't go into much detail or prepare the reader for uncommon occurrences.

Chapter 7 - "Evidence Evaluation and Analysis": Once the material has been collected from the subject computer, the long process of examining the files begins. Covering the different types of files like spreadsheets, databases, or graphics, this chapter focuses on DOS or Win based computers.

Chapter 8 - "Investigating Floppies": Much like the previous chapter, this one applies to any floppy disks seized in a warrant.

Chapter 9 - "Common File Extensions": A three page list of common file extensions. Aside from the duplicate entries (like 'gif'), there is a noticeable lack of other extremely common extensions like 'tar', 'gz', or 'arj'.

Chapter 10 - "Passwords and Encryption": While covering passwords and elements of good password security, the chapter falls very short on practical encryption. Someone new to investigating computer crime is likely to walk away thinking that encryption will not be a big hurdle when encountered. Rather than cover more on PGP, CFS, or SFS, the chapter goes into BBS passwords, Quicken, Word Perfect, and similar programs.

Chapter 11 - "Investigating Bulletin Boards": The obvious base of the author's experience, this chapter goes into details on BBSs, their operation, finding them, and more. Along with some information on elements of a BBS, suggestions are made for the L.E. officer poking around new BBSs. Guidelines for investigators trying to infiltrate a BBS are given, but the concept of fitting in seems to fall short.

Chapter 12 - "'Elite' Acronyms": The mere existence of this chapter along with the short list suggest the authors don't fully grasp the depth of the 'underground' scene. While listing some obscure groups I have personally never heard of, they leave off well known and overly used acronyms often used among the scene.

Chapter 13 - "Networks": Perhaps one of the more concise chapters, this section gives a good summary of networks, network devices, and network operating systems. Understanding networks is the key to properly investigating.

Chapter 14 - "Ideal Investigative Computer Systems": Though written in 1996, the recommend systems for investigators as outlined seems appropriately detailed. However, while the outline does provide a decent foundation for new investigators to work from, it seems rather short-sighted.

Chapter 15 - "Court Procedures": Often one of the more elusive and more misunderstood components of a computer crime investigation, the court procedures are often the most critical. This chapter touches on expert witnesses, pretrial preparation, terminology, and more.

Chapter 16 - "Search Warrants": By citing case law and specific examples the authors have encountered, the a good coverage of details on types and differences of various search warrants is presented. Included in the chapter are sample warrants from previous cases to give the reader a solid idea of what they encompass.

Overview: For someone new to investigating computer crime, this is the ideal book for you. Not only does it cover most aspects of an investigation, it does so by providing examples and pictures for re-enforcement. To the experienced investigator, the book may fill in a few small gaps or bring to light a new element previously overlooked. Lastly, to anyone working on cases involving Unix or the internet, this book is not for you.


main page ATTRITION feedback