The Basics Of Digital Forensics

Gone are the days when the only evidence that could be used to solve crimes had to be gathered physically ‘at the scene’ and popped into plastic bags for further examination. In the digital world, the evidence is often digital too. From incriminating e-mails to web browsing activity, from data files on a hard disk to tweets, Facebook posts and phone-calls: most of us constantly leave a digital trail of our activities – and if those activities are undertaken with criminal or terrorists intent, that trail may attract the attentions of the law enforcement or security services. And that’s where digital forensics comes into play.

The Basics of Digital Forensics is just what its name suggests – it is an introductory text on the subject, aimed at people (like me) who are familiar with computers but know next to nothing about digital forensics. The author, John Sammons, is an Associate Professor at Marshal University in Huntington, West Virginia. He teaches digital forensics and information security. In this book, he provides a fairly easy-to-read overview of the nature and practice of digital forensics.

The book begins with some basic information that is likely to be familiar to anyone with a technical or programming background (or who has read one of Peter Norton’s best-selling books) such as the binary and hexadecimal representations of data on disk, file ‘signatures’, various types of memory and physical storage, file systems, page files and so on. It then moves on to describe how digital forensic investigators operate and the sorts of tools they use. It explains how evidence is collected and it discusses some of the ways in which the bad guys may try to cover their tracks. It gives examples of some types of malicious activities such as password attacks and email spoofing. It also goes into some of the ways in which criminal investigators may track down and miscreants and bring them to justice – though this is based on practices in the USA so will not be directly applicable to other countries.

This is an interesting and approachable introduction to digital forensics. It does not go into much technical detail, however. Nor does it describe in any detail specific types of computer attacks such as the Stuxnet worm or SQL Injection. If this is the kind of topic in which you are interested, you will need to look elsewhere. But while this book does not go deeply into its subject it does provide a concise and simple overview of a big and complex topic.