Slashdot Mirror


Book Review: Digital Forensics For Handheld Devices

benrothke writes "Today's handheld device is the mainframe of years past. An iPhone 5 with 64 GB of storage and the Apple A6 system-on-a-chip processor has more raw computing power than entire data centers had some years ago. With billions of handheld devices in use worldwide, it is imperative that digital forensics investigators and others know how to ensure that the information contained in them can be legally preserved if needed." Read on for the rest of Ben's review.

Digital Forensics for Handheld Devices
author: Dr. Eamon P. Doherty
pages: 336
publisher: CRC Press
rating: 8/10
reviewer: Ben Rothke
ISBN: 978-1439898772
summary: Valuable reference for digital forensics

In Digital Forensics for Handheld Devices, author Eamon Doherty provides an invaluable resource on how one can obtain data, examine it and prepare it as evidence for court. One of the reasons many computer crime cases fail to be prosecuted is that the evidence was not properly handled and could therefore not be admitted into court.

One of the first things a defense attorney will do in a computer crime case is to attack how the digital evidence was obtained and preserved. In far too many cases, it was done incorrectly and the evidence, no matter that it may be a smoking gun, can't be admitted into court. The case then is dismissed, to the chagrin of the victim.

The book's 8 chapters of nearly 300 pages are densely packed text, where Doherty brings significant real-world experience to every chapter. As the cybercrime training lab director at Fairleigh Dickinson University, he brings both an academic formality and real-world experience to this highly tactical guide.

Chapter 1 details cell phone forensics. After a brief introduction to the history of the cell phone, it details the entire inner workings of a cell phone. The chapter also details differences in cell phones worldwide. An important fact is that many Asian countries have cell phones available 12-18 months before they appear in the US. With that, American forensic investigators need to be cognizant of this when entering into an investigation.

The chapter includes an overview of the Susteen Secure View application which is an extremely powerful tool for the mobile phone forensic investigator. Besides that tool, in each chapter, Doherty lists many tools that provide specific assistance to the topic at hand. The book is worth it for those listings alone.

Chapter 2 is similar to the previous chapter except this is about digital camera forensics. The chapter provides a detailed overview of how digital cameras operate and how the underlying hardware works. The chapter includes an extremely comprehensive overview of seemingly every tool available to investigate images on a digital camera.

The chapter also includes a number of fascinating case studies on how to effectively perform a forensics analysis of a digital camera. It concludes with an observation that when considering a career in forensics, as fascinating as it is, it may not be for everyone.

Doherty notes that as a forensics investigator, the examiner is often exposed to disturbing material. He quotes a report that studied investigators from over 500 agencies who had been exposed to child pornography during investigation of crime involving child exploitation. The report noted an alarming 35% of the participants had problems arising from work exposure to child pornography.

Chapter 5 provides an extremely detailed look at forensics investigation on a corporate network. Throughout the book, Doherty stresses the need for effective chain of custody and other issues to preserve digital evidence. It is imperative to preserve the integrity of the digital evidence obtained from the time it was seized until it is presented in court.

To facilitate this, the book states a best practice to use checklists to ensure nothing is forgotten. The importance of checklists has been detailed in The Checklist Manifesto: How to Get Things Right where author Atul Gawande makes a compelling case for the use of checklists.

As to evidence and checklists, Doherty writes that once the evidence is obtained, a chain of custody form should be filled out. Each time the evidence is copied, processed, or transported, it should be documented on the chain of custody form. If others receive a copy of the evidence for prosecution or defense purposes, they too should sign for it. This is imperative if it is expected that the evidence will end up in court or be used for human resources purposes. But in the corporate setting detailed in chapter 5, that same level of diligence is not necessarily required.

Chapter 5 also has overviews of nearly 50 different forensic tools for every imaginable purpose.

While the book has exploratory and technical overviews on many tools and numerous case studies, this is not an introductory text on the subject. It is meant for someone with a technical background who is looking for a technical reference to gain competence on the topic of digital forensics.

The only shortcoming of the book is that while the author is an expert on the topic and the tools, the writing style is one that screams out for an editor. The text suffers from run-on sentences and repeated definitions of the same acronym, in addition to other readability issues. The book is pervasive in its use of passive voice, which can be annoying to many readers. It is hoped that the second edition of this book will be updated with the current tools of the time and a good re-editing of the text to ensure its readability doesn't suffer.

Aside from the grammatical issues, for those looking for a very hands-on guide to gain proficiency on the topic, Digital Forensics for Handheld Devices is a valuable reference. Dr. Eamon Doherty has a unique perspective in that he has academic, law enforcement and very practical experience, which is manifest in every chapter.

The notion of digital forensics is to seize it, examine it and then prepare it for evidence in court. In Digital Forensics for Handheld Devices, you find out how to do just that.

Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.
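
The custody practice described in the review (document every copy, processing step and transport, and have each recipient sign) can be made tamper-evident. The following Python is an added example, not taken from the book or the review; the field names, the SHA-256 evidence digest and the hash chaining between entries are assumptions of this example, and the sample bytes are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev_hash of the first entry


def _digest(obj) -> str:
    """SHA-256 over a canonical JSON encoding (bytes are hashed directly)."""
    raw = obj if isinstance(obj, bytes) else json.dumps(obj, sort_keys=True).encode()
    return hashlib.sha256(raw).hexdigest()


class CustodyLog:
    """Append-only custody form: every entry commits to the one before it."""

    def __init__(self, item_id: str):
        self.item_id = item_id
        self.entries = []

    def record(self, action: str, handler: str, evidence: bytes, when: str) -> dict:
        entry = {
            "item_id": self.item_id,
            "seq": len(self.entries),
            "action": action,          # e.g. seized, copied, processed, transported
            "handler": handler,        # who signed for the item
            "when": when,
            "evidence_sha256": _digest(evidence),
            "prev_hash": self.entries[-1]["entry_hash"] if self.entries else GENESIS,
        }
        entry["entry_hash"] = _digest(entry)
        self.entries.append(entry)
        return entry

    def verify(self) -> list:
        """Return a list of problems; an empty list means the log is consistent."""
        problems, prev = [], GENESIS
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "entry_hash"}
            if _digest(body) != e["entry_hash"]:
                problems.append(f"entry {e['seq']}: record altered after logging")
            if e["prev_hash"] != prev:
                problems.append(f"entry {e['seq']}: chain broken")
            if e["evidence_sha256"] != self.entries[0]["evidence_sha256"]:
                problems.append(f"entry {e['seq']}: evidence differs from seizure hash")
            prev = e["entry_hash"]
        return problems


IMAGE = b"constructed sample bytes standing in for a device image"
```

A hash chain only detects edits made by someone who cannot rewrite the whole log, so the latest `entry_hash` should also be recorded somewhere the log's holder does not control, such as the signed paper form.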


11 of 87 comments

  1. to the chagrin of the victim? by fustakrakich · · Score: 4, Insightful

    I would say it depends who is the 'victim'. Yes, protect your handheld data. Encrypt the hell out of it and/or find a good way to wipe it clean before the wrong people get to it.

    --
    “He’s not deformed, he’s just drunk!”
  2. My ass by clam666 · · Score: 3, Interesting

    If I want it preserved, I'll copy it to local storage or upload it to the cloud if I so choose. Other than that, if I hit the wipe button there better be smoke coming from it.

    If I wanted it "preserved" I wouldn't be wiping it out in the first place.

    --
    I'm a satanic clam.
    1. Re:My ass by tlhIngan · · Score: 2

      If I want it preserved, I'll copy it to local storage or upload it to the cloud if I so choose.

      I think in some instances, it may be safer on the phone as it sits than in the cloud.

      Take an iPhone, say. It's got some very strong protections and all that. But you could get at the same data by looking at the user's iTunes folder if they backed up there and didn't encrypt it. Or subpoena Apple who can dig it out (while the actual disks may be encrypted, the data is not when accessed).

      Just knowing there's another copy available may make it easier to access said copy than the original.

  3. Double-edged sword... by mlts · · Score: 2

    On one hand, dumping the contacts, text messages, and other items from a phone would be a vast boon for exposing a crime ring for investigators. However, on the other hand, any forensic device that can be used by LEOs can be used by criminals for gain as well.

    If one separates a corporate officer from their phone and is able to completely dump the contents, it would mean a gold mine. Competitors would buy contact lists, spreadsheets (accounts payable/receivable), unannounced product sheets, etc. Employee payroll info can be sold to ID thieves, and the fact that these employees are at work at this time can be sold to local gangs for burglaries/home invasions. If the employee has any military employment, that info and their family info can be sold to foreign intel agencies, etc.

    The trick is defense in depth. Yes, iPhones and some Android devices have device encryption, but the best thing is having encryption on the app level. To get around that, the blackhats would have to find a way to stick a keylogger on the device, as opposed to just a single snatch of the device and a dump.

    1. Re:Double-edged sword... by mlts · · Score: 2

      The trick with cellphones is less encryption than authentication. With the very small keyspace most people choose for a PIN, a device maker wants to have the PIN checking done on a hardened chip before the true 128 or 256 bit key is released. That way an intruder either has to guess through the chip (and be stopped/slowed down after a number of tries), or has to physically uncap the chip and go at it with an electron microscope (good luck.)

      Of course, with a chip being the gatekeeper, it can easily be backdoored, so that is the downside of that type of security measure.

    2. Re:Double-edged sword... by Cajun+Hell · · Score: 2

      Computationally speaking, device-level encryption is probably sufficient, assuming there aren't any serious flaws found in AES-128.

      And assuming you have a magic UI that is both convenient yet also somehow lets people enter keys of sufficient entropy. If the user is entering 4-digit-PINs or stuff like that for a key, then it doesn't matter how excellent the cipher is.

      --
      "Believe me!" -- Donald Trump
  4. Re:Sounds pretty good, but... by rubikscubejunkie · · Score: 2

    Easier to commit a crime, start a DDOS attack, etc. when you have more computing power. Ever try doing a port scan on a 286? Ain't fun.

  5. Re:Sounds pretty good, but... by CanHasDIY · · Score: 4, Funny

    Ever try doing a port scan on a 286? Ain't fun.

    Oh, yea, I did that once, way back in the early '90s...

    Still waiting on the results.

    --
    An enigma, wrapped in a riddle, shrouded in bacon and cheese
  6. Forensics and BYOD by dave562 · · Score: 3, Informative

    BYOD deserves mention in this context. While a lot of people are in love with the idea of bringing their own devices to work, they have not fully considered the legal implications of doing that. If an employer is involved in a dispute and there is any potential that any relevant information could be on the device, the device will be subjected to collection activities. Personal contacts, emails, photos, passwords (potentially) will be collected. The device owner will be without the device for hours, or potentially even days or weeks while the forensics are done.

    I have seen it happen. I work with a company that has an established presence in the eDiscovery / EDRM space. Our teams are out doing forensic collections all the time, and it is more and more common to see employees end up in pissing matches with their internal legal and HR departments over who "owns" a device that has been used for work purposes. The employee always loses. Having paid for a device does not exclude them from the collection process.

    1. Re:Forensics and BYOD by mlwmohawk · · Score: 2

      common to see employees end up in pissing matches with their internal legal and HR departments over who "owns" a device that has been used for work purposes.

      Wrong, absolutely wrong. "Ownership" is not ambiguous. I have a true story. About 30 years ago I worked at a bank. One teller would put a stack of $20 bills in his pocket every day. ($2000). Every night, he would take it out of his pocket and put it in his cash drawer and settle. I asked him why he did this, he said, "in case I am robbed, I get to keep it."

      Back to the phone. If the employee buys the phone and pays the bills, the company has no "rights" to that device. In fact "Sarbanes-Oxley" says that companies should only allow communications over corporate systems. This is why larger companies are starting to provide digital phones for their employees so that they can have access to this information.

      At work I always have two laptops. (1) My work laptop. (2) My personal laptop. Never does personal and business cross. It's cleaner that way.

  7. Re:Something Apple will be good at, I'm sure! by alexbgreat · · Score: 2

    Unfortunately, there is no -1 Just Plain Wrong.