The Basics of Digital Forensics
Author: John Sammons
Computers, mobile devices and the Internet have become an integral part of our daily lives. They are helpful tools, but they are also sources of information that one would not necessarily like to share with everybody. With privacy becoming an increasingly urgent concern as years go by, every computer technology user should know a bit about what can be extracted from various devices – no matter which side of the inquiry he might find himself on.
About the author
John Sammons is an Assistant Professor at Marshall University in Huntington, West Virginia. He teaches digital forensics, electronic discovery, information security and technology. He is also the founder and Director of the Appalachian Institute of Digital Evidence, and routinely provides training for the legal and law enforcement communities in the areas of digital forensics and electronic discovery.
Inside the book
Every time I open a book for beginners – and especially when the topic is more than familiar to me – I must first pause a bit and adjust my way of thinking. Personally, I don’t mind reading such books, as I’m often pleasantly surprised at how much I actually know, but that is just it – I have to constantly keep asking myself: “If I didn’t already know this, would this explanation be adequate?”
“The Basics of Digital Forensics” is a relatively short book that doesn’t go in depth – things I consider definite qualities in books for beginners.
The book explains the notion of digital forensics and how it’s used, how computers (especially Windows-based) create and store digital information, introduces basic tools for performing various tasks and the processes for collecting evidence.
It explains the processes and tools used for recovering deleted evidence, touches the subject of privacy laws (unfortunately, only those in the US), and then concentrates on methods of collecting digital evidence from the Internet, email, networks and mobile devices.
Finally, it ends with a short chapter on two technologies that will hugely impact the field of digital forensics: cloud computing and solid state hard drives. The problem is that data stored in these places can be technically or legally unrecoverable, and it’s still difficult to tell how this issue will be solved.
The author does a good job in keeping the book “light”: he doesn’t use overly technical language, the explanations are simple and very concise, he doesn’t get bogged down in unimportant minutiae.
Throughout the text, he does mention some advanced techniques, but keeps it very short and then provides a source for the material for those who are interested in more. Also very helpful are the occasional “Alert” text boxes.
“The Basics of Digital Forensics” is extremely easy to read and understand, and tackles the topic in a very broad manner. All in all, it’s a perfect book for those who are interested in the subject and for gauging whether they might be interested in finding out more about it in the future.