Albert J. Marcella Jr., Ph.D., CISA, and Douglas A. Menendez, CIA, CISA, MBA | Reviewed by A. Rafeq, CISA, CGEIT, CIA, CCSA, FCA
The possibility of computer crime is all-pervasive, and its impact could be disastrous to any enterprise. Recent events have confirmed that a single computer crime could bring down an enterprise in no time. Just as enterprises need to be prepared with adequate plans for business continuity planning (BCP), they need to be aware of the impact of computer crimes and treat it as a key aspect of risk management strategy. Hence, IT auditors, IT assurance professionals and senior management need to be aware of the concepts and practice of computer crimes, their impact and the action to be taken if such an unfortunate incident occurs.
Cyberforensics is the use of analytical and investigative techniques to identify, collect, examine and preserve evidence or information that is magnetically stored or encoded. Recent computer crimes have increased the prominence of cyberforensics and have made it necessary for IT professionals, IT assurance professionals and senior management to have an awareness of the various steps of basic cyberforensic investigations, a preliminary understanding of the forensic process and its relationship to and dependency on technology, and a preliminary understanding of its dependency on the legal and legislative process.
Cyber Forensics: A Field Manual for Collecting, Examining and Preserving Evidence of Computer Crime, 2nd Edition, is designed to provide the reader with an introduction and overview of cyberforensics and the policies, legal ramifications, implications, procedures and methodologies of a cyberforensic investigation, from a theoretical and practical perspective. The book guides the reader through the various steps of basic cyberforensic investigations, with the objective of preparing the reader to participate with trained cyberforensic professionals and forensically evaluate a suspect machine.
The book is both a how-to reference and an excellent reference for the business library on the topic of cyberforensics. It provides an in-depth examination of just how someone may manipulate technology to conceal illegal activities and how cyberforensics can be used to uncover those activities. The book could have benefited from a comprehensive case study walking the reader through various steps of cyberforensics from the initiation to the conclusion. The writing and presentation style are academic/conceptual, rather than practical. Nonetheless, the book’s coverage is strong.
Cyber Forensics covers critical topics such as defining cyberforensics, rules of evidence and chain of custody in maintaining electronic evidence, how to begin an investigation, the investigative methodology to employ and an examination of the steps in a cyberforensic investigation, how to establish standard operating procedures for cyberforensics, conducting a cyberforensic investigation while working within legal frameworks, and the current data security and integrity exposure of multifunctional devices. The book provides tools and techniques to proactively investigate, examine, audit, control and maintain IT system security. It reviews the latest methods and techniques used to conceal criminal activities and includes case studies to illustrate standards of protocol and methods of investigation.
The appendices to the book have a wealth of information and include listings of computer forensic web sites, cybercrime and forensic organizations, cyberforensic training resources, pertinent legislation, and recommended readings; a flowchart for the seizure of a personal digital assistant; and questions every cyberinvestigator should ask.
Editor's Note
Cyber Forensics: A Field Manual for Collecting, Examining and Preserving Evidence of Computer Crime, 2nd Edition, is available from the ISACA Bookstore. For information, see the ISACA Bookstore Supplement in this Journal, visit www.isaca.org/bookstore, e-mail bookstore@isaca.org or telephone +1.847.660.5650.
A. Rafeq, CISA, CGEIT, CIA, CCSA, FCA, is an IT governance and assurance professional from Bangalore, India, with more than 25 years of experience in varied roles such as chief financial officer, chief information officer, IT implementer, IT consultant, IT auditor, and Control Objectives for Information and related Technology (COBIT) trainer. He has been a COBIT user and implementer for more than 12 years and is a well-known COBIT evangelist. Rafeq has made presentations on IT governance, IT assurance and COBIT implementation at ISACA conferences worldwide. He is past president of the ISACA Bangalore Chapter and has also helped with the development of ISACA’s CISA Review Manual. Rafeq is chairman of ISACA’s Government and Regulatory Agencies (GRA) Task Force in Asia and a member of the CGEIT Certification Board.
ISACA Journal, formerly Information Systems Control Journal, is published by ISACA, a nonprofit organization created for the public in 1969. Membership in the association, a voluntary organization serving IT governance professionals, entitles one to receive an annual subscription to the ISACA Journal.