1 comments about Cybercrime: The Investigation, Prosecution and Defense of a Computer-Related Crime.

1. I puchased this book based on a reference in another text and was sorely disappointed. It is made up of four chapters and an introduction. The text is heavily footnoted but, fortunately, they appear at the bottom of the page. The chapter on "Defining Cybercrime" is mainly a rehash of code sections with little in the way of explanation or interpretation. By far, the most interesting chapter is chapter 3 on "The Investigation and Prosecution of a Cybercrime" but I don't find that it justifies the purchase of the book. Definitely look elsewhere!

No comments about Using Microsoft Office to Improve Law Enforcement Operations: Crime Analysis, Community Policing, and Investigations.

5 comments about Internet Denial of Service: Attack and Defense Mechanisms (The Radia Perlman Series in Computer Networking and Security).

1. Your take on this book really depends on where you are sitting. The authors lucidly describe what a Denial of Service attack is. More to the point, the book then goes into an explanation of its more dangerous variant - the Distributed Denial of Service [DDoS] attack. The book is really about the latter; not the simple DoS. We see how DDoS evolved rapidly from 1999 to 2005, with the number of computers hijacked to become agents for an attack expanding from hundreds to over a hundred thousand. And how it no longer seems to be done by joyriding hackers just seeking a thrill. Now, it may actually be a business; a major branch of malware.
   
   You should have a reasonable background in understanding TCP/IP, to appreciate the book's technical discussions. For example, if you see mention of the TTL field in a header, you should already know what it means.
   
   The book explains several postulated countermeasures to DDoS. Nifty ideas like traceback and pushback. Or perhaps doing an entropy count of good and bad packets, to help distinguish between them. The problem is that none of these are truly effective. DDoS is an unsolved problem. So if you are a cracker, this is good news. Not so for sysadmins.
   
   But there is something else. Perhaps DDoS is fundamentally insolvable, under the current IPv4 and current router capabilities. But maybe this field is still young. What is a problem for many could be a chance for you, as a researcher or inventor.



2. Internet Denial of Service
   
   I certainly enjoyed reading this book, in fact I started looking at it during the work day and couldn't wait for everyone to leave at quitting time so I could finish it. It seems to have a bit of trouble finding its niche, most of the time it has the feel of a research paper, but from time to time there are amazingly practical tidbits. If you are looking for a how to stop denial of service, step by step, buy the cup of coffee from Borders and leaf through the book and make your decision carefully. If you are a researcher in the USA interested in Internet protocols and US law and response, this is a must read, must have. If you are truly seeking to understand what zombie style distributed denial of service is and is capable of, buy the book and read it three times. My response team worked closely with one of the authors, David Dittrich from 1999 - 2001 and if there is a "been there, done that" individual when it comes to malicious code, he would be that person.
   
   This is not a book for a novice, but if you know your way around a network and know a bit about routing, there are a number of helpful illustrations and code segments that drive the points home.
   
   I realize I gave the book three stars even though I liked it a lot and that is primarily because the book is much weaker in the two final chapters, 8 and 9. You just can't throw issues like law, ethics, jurisdiction, evidence collection, and estimation of damages on the table, write a couple paragraphs and zoom on, someone could get hurt. For the right reader, this can be a wonderful resource.



3. There are obviously a multitude of ways an attacker can take your site down. One way is via a denial of service attack. There's a new book out that covers just that attack in great detail: Internet Denial Of Service - Attack and Defense Mechanisms by Jelena Mirkovic, Sven Dietrich, David Dittrich, and Peter Reiher (Prentice Hall).
   
   Chapter list: Introduction; Understanding Denial of Service; History of DoS and DDos; How Attacks Are Waged; An Overview of DDoS Defenses; Detailed Defense Approaches; Survey of Research Defense Approaches; Legal Issues; Conclusions; Glossary; Survey of Commercial Defense Approaches; DDoS data; References; Index
   
   Going into this book, I can say I knew about the basics of a Denial of Service (DoS) and Distributed Denial of Service (DDoS) attack. What I didn't understand is how sophisticated they've become. The book covers (in deep detail) how bot or zombie networks are developed and utilized to launch these types of attacks. I didn't realize that it's relatively easy to acquire a bot network of over 100000 clients who can flood a site with packets. And it's not even necessary to use them all at once. Attacks can start with a fraction of the clients, and then escalate as the victim attempts to filter packets or add bandwidth. It's a scary thing. The authors also cover the various issues involved in the defense of these types of attacks. Filtering might work, but it can be difficult to find the correct filtering parameters that don't also drop legitimate traffic. And due to the distributed nature of the attack, it can be nearly impossible to find the culprit, and worse, to prevent it from happening again.
   
   Walking away from this book, you don't get a warm, fuzzy feeling about the current situation. Regardless of what steps you take, there is no current sure-fire method for defending these attacks. But by reading Internet Denial of Service, you'll be far more prepared to understand what's going on and what realistic options do exist. Better yet, it also gives you the steps you need to take to prepare your site for this type of incursion beforehand. If you've mapped out your plan ahead of time, you can definitely minimize (to some extent) the damage that can occur.
   
   This is a good read for any security professional tasked with security and availability of an organizational website. Reading this now could save your job later...



4. 'Internet Denial of Service' (IDOS) is an excellent book by expert authors. IDOS combines sound advice with a fairly complete examination of the denial of service (DoS) problem set. Although the authors write from the DoS point of view, as a network security monitoring advocate I found myself agreeing with many of their insights. Since there are no other books dedicated to DoS, I was very pleased to find this one is a powerful resource for managers and technicians alike.
   
   IDOS features some of the best minds on DoS research available. Everyone has heard of Dave Dittrich, but I found the work of lead author Jelena Mirkovic to be particularly valuable. Peter Reiher and long-time DoS researcher Sven Dietrich also give the project considerable weight. All four authors work for or with universities, and IDOS reflects this academic connection by frequently citing papers and DoS research. For example, chapter 7 describe DoS mitigation approaches and Appendix C examines the best available data on DoS techniques. I would encourage other authors to make similar references to the academic community and not write in a literary vacuum.
   
   By making references to outside works, IDOS successfully avoids repeating material published elsewhere. Chapter 6 was probably my favorite section, including much distilled wisdom and advice on responding to DoS attacks. I welcomed the authors' frequent recommendations to collect session and full content data. It is often impossible to detect and respond to attacks without this sort of network-based evidence. This point is often lost on vendors or consultants who lack experience performing incident response.
   
   I had minor problems with the book. First, I would have liked more technical detail in chapter 6. For example, it would have been nice to see examples of system metrics from nodes or routers under DoS attack. Specific advice on host tuning techniques would also have been useful, e.g., make changes X, Y, or Z on FreeBSD or Cisco IOS to better resist DoS conditions. I was also slightly disappointed the authors did not base their discussions of commercial products in Appendix B on hands-on evaluations. I understand the problem with meeting this objective, however.
   
   I did not have any problems with the legal or concluding chapters (8 & 9). I think the earlier three-star reviewer found himself on the wrong side of the 1999 "RST scan" controversy discussed on p. 52 and may not have been happy by the (correct) stance taken by IDOS.
   
   I highly recommend every security professional read IDOS. It's a convenient and illuminating discussion of a problem that will never disappear. This book will prepare you to do battle with DoS attacks, and for that I am thankful.



5. Nutshell review - If you want to know all about denial of service attacks then this is an excellent book to start with. Well written, easy to understand and excellent coverage of the topic.

No comments about Downloading Copyrighted Stuff From The Internet: Stealing Or Fair Use? (Issues in Focus Today).

5 comments about Insider Computer Fraud: An In-depth Framework for Detecting and Defending against Insider IT Attacks.

1. Ken Brancik has managed to hit the mark that so many have missed. He provides a comprehensive framework for understanding and countering insider threats. This book is useful for a multidisciplinary audience, from attorneys to management to technical staff. By addressing web security, IT architecture, and application security, he creates the "big picture" of insider fraud and then steps the reader through a methodology to effectively counter these threats. A seasoned and well respected cyber security professional, Ken Brancik, has made a substantial contribution toward beating the bad guys with this excellent work.



2. I really enjoyed reading this book. It provides a comprehensive framework for understanding insider threats and Risk management.
   
   The author integrates a lot of components like Risk Assessment, Threat Modeling, Privacy assessment, Cyber security, Application security, Web services and Computer architecture as it relates to insider threat identification and prevention. If you deal with any of these components - you must read this book. You will learn so much - all in one place.
   
   This book is logically arranged; the author does an excellent job building from one topic to another. It is an eye-opening and fascinating book as it presents the methods, safeguards, and techniques that help protect an organization from insider computer fraud.
   
   I really liked Chapter 3 which covered Risk Assessment very well. It walks the reader with a step by step risk assessment methodology, which is very critical in any environment.
   
   As a IT Security professional this book has become an invaluable resource for me.
   
   Bottom line: Must read and well worth the price.



3. 
   "Insider Computer Fraud" is a thorough and and extremely well done coverage of a complex topic which has important implications for people and the companies they work in. We often focus on external threats but as recent event show insider threat is as critical and can impact whole industries over night. Brancik's coverage of Novelty Neural Networks and their use to detecting insider fraud is an important contribution. Anyone in the financial services industry that has a role in protecting against computer fraud should read this book.



4. Ken Brancik has written a tour de force compendium about insider computer fraud. His years of practical experience shine through in this very practical book for anybody who needs to act in the defense of real systems. Brancik's own experience is combined with exhaustive references to case studies, legislation, and research.
   
   The reader will enjoy a thorough presentation of the domain theory, combined with very detailed explanation of technical methods. For example, Brancik provides a rich taxonomy, which will be of huge value to any practitioner looking to divide and conquer such problems. Moreover, this taxonomy is only one of the elements in "an in-depth framework for detecting and defending against insider IT attacks". The book's content is true to the claim of its title.
   
   Beyond what can be done and needs to be done as the first steps to thwart such attacks, Brancik also points the way to the future. Statistical models of anomaly, for example, have had a small place in computer security when compared to rule-based pattern detectors. Both approaches are needed, and this book describes neural networks -- associative memories in particular -- as a way toward more powerful hybrid systems of the future.
   
   "Insider Computer Fraud" would make a great textbook for the student, an invaluable cookbook for the practitioner, and a provocative guide to the researcher. It is also a must-have reference for anybody in the field of computer fraud more generally.



5. Brancik covers computer fraud from every angle imaginable. It's precise, thorough and methodical. The index is detailed and specific in getting the exact information you need quickly. This book can be used as a reference for looking to tighten security and also as a textbook in the classroom. I specifically liked Chapter 6 that covered web services, which is the most widely missed security flaw in companies today.
   
   Brancik put together a fraud taxonomy that also can be used by professionals to measure how secure they are. This goes beyond most classroom lectures because this is the kind of information you need in real life work scenarios. What I liked mostly about this book was that the chapters flow into one another and while it covered a wide range of topics it did not feel like I was reading just another computer textbook. The book covers security and audit like no other book on the market and I have read most of them being in the banking sector for a number of years. I recommend this book highly.

5 comments about Stolen Lives.

1. You are driving home behind your wife and daughter after meeting up at a grocery store. You watch as an eighteen-wheeler swerves purposely into their lane. You stare in horror as your family's car spins and collides with the tractor trailer.
   
   Your life will never be the same.
   
   And you vow that the trucker's life will never be the same, either.
   
   When crooked justice determines the tragedy of his family's death was an accident, Robert Whitney turns his grief to revenge at those who wronged him. The witness selling his lies to the highest bidder. The state trooper willing to buy the tainted story. The trucking company manager willing to pay them off. And the murderer himself.
   
   With skills honed by his computer programming business, Robert hatches a plan to steal the lives of those who stole his. He will let them suffer, then end it all.
   
   Brian Reaves' tightly woven thriller, Stolen Lives, has been called a modern Count of Monte Cristo, and the comparison is apt. Fleshing out vivid characters with deep motivations, Reaves makes the twisting plot matter intensely to all of them. I didn't want to put this book down. Highly recommended.



2. Stolen Lives launched Brian Reaves onto my list of all-time favorite authors. If you like a fast paced read, you will love this one. A novel to read in one sitting as you're grabbed in the beginning and held captive until the end. One of the best novels I've read in a long time. So settle back, get comfortable and enjoy the ride. You won't be disappointed. --Rita



3. The old 2nd chance story doesn't always ring true to everybody. So, to be honest, would it really ring true in a novel? Especially with a first time author? That's setting the stakes pretty high. I'm here to tell you that lives will be changed through works such as this, because it already stole my heart! Brian Reaves is the real deal, and his mark has been made. Don't doubt that for a second. This is a chess match, and although the bishop comes rather slowly, he makes his move in due time.
   
   I can look at this and see myself as Robert Whitney, easily wanting justice for what was done. If I saw my wife and daughter killed before my eyes... yeah, we won't go there. I am blessed that I have Christ in my life. But what if you don't? What if there were witnesses that kept YOU from getting the justice you deserved? What if YOU had the power to get even? It just might get interesting, right? It just might. Robert owns his own company, his best friend works with him, what could possibly go wrong? But when you don't have Christ, there's always that "what if?" lurking about in the back of your mind. Remember that? What if things turned out totally different than you figured?
   
   This was just great! I mean with each page I felt my heart breaking just a little more, and I felt the emotions well up a notch with each chapter. There aren't too many authors who can do that. I'm going to be on the look out for more by Brian Reaves! Wow! This hit hard, like a Louisville Slugger. Right on the sweet spot, and exactly in the right spot! I'd encourage ANYBODY to pick this up just for the extra hope, if not for the great story itself. Thank you, Brian!



4. Brian Reaves has crafted a highly entertaining identity theft thriller not to be missed. Robert Whitney loses his wife and daughter in a tragic accident and decides to take out revenge on those who were involved. What follows is a suspenseful tale that consumes the reader and keeps us guessing. There are no good guys or bad guys; just wonderfully fashioned characters that struggle with the concept of right and wrong. In other words.....(gasp)....they are human!
   
   Reaves weaves different story lines together with ease, and the result is an unorthodox conclusion that is both powerful and satisfying. We learn that revenge is never sweet and that there is hope even for the hopeless. This book also opens our eyes to the dangers of identity theft and reminds us how careful we need to be. A very entertaining read that inspires, encourages, and informs. Don't miss this one!



5. 
   With the modern threat of identity theft, this book is certainly timely. It's frightening how easy it is for someone to not only ruin one's credit over the internet, but in this case, to completely destroy someone's life. Robert Whitney, a brilliant computer programmer, watches helplessly as his wife and daughter get killed on the interstate by a sleep deprived, angry truck driver. What's worse, the trucker lies about the true cause of the accident (his own road rage), and the state trooper on the scene and another witness take bribes from the trucking company to lie in the accident report. So not only does Mr. Whitney lose his loving family, but the guilty party gets away with the crime and two more people profit handsomely from Mr. Whitney's misery. But not for long! Brian Reaves crafts a clever tale of revenge and redemption. This book is very well researched and well written. It flows perfectly with just the right mix of description detail, character development, action, suspense, emotional turmoil, and spiritual awakening. I strongly recommend this book.

No comments about The Computer Conspiracy.

No comments about Cybercrime Cyberterrorism Cyberwarfare: Averting an Electronic Waterloo (Csis Task Force Report).

5 comments about DISK DETECTIVE - Secrets You Must Know to Recover Information from a Computer.

1. I'm afraid this book is not what it looks. Though it is well written and somewhat interesting, if you need a how-to book on disaster recovery, this is not the right place. This 104 page booklet deals only with DOS and Norton's undelete very basic features, hardly useable under real life incidents. You'll find some tales about how to solve a suicide, or to search for a criminal, how to get around some trivial password protection and some other funny stuff, but don't expect to find your lost data after a virus attack after reading this book.



2. First I'll start by saying, this book was good to read if you need a starting point and do not know a thing about data recovery. However, the material is at a beginner's level, quite dated and the $18 price tag is not worth it. Now if you come across this book at a book consignment shop, yard sale, or a book discount sale, then definately get it. I would not spend over $5 on this book. Also I didn't like reading a warning on every page to make sure that I didn't delete any important information or practice with a disk that might have info I would want to keep. Well DUH! I have a little more common sense than that! The warnings make up, no kidding, about 10 pages of a 104 page book.

   In summary, save your money for a book that you can use with today's operating systems. This book did not even mention Win.'98. Most of its contents were regarding the old DOS only o/s and a little bit @ Win 95.




3. I wish I had read the other reviews prior to purchasing this book!

   The book does not deal with Win98, Win95 information is just about the Recycle Bin.

   The author's web site no long exist. (Small wonder!) The only valid information is to purchase a Utilities Program, like we need to be told that.




4. It targets old operating systems: Windows 98, Windows 95. Also focuses on old DOS systems. It utilizes simple techniques a child could figure out. Simply outdated.



5. I found this book to be a total waste of money. It delt primarily with Windows 3.1. It does not talk about any of the current data recovery techniques and software in use today, nor does it deal with any of the systems currently in use today.

1 comments about Cyber Crime Investigator's Field Guide, Second Edition.

1. I have over 100 books in my library dealing with information security, communication systems design, criminal investigations, penetration testing (hacking), and computer crime investigation (cyber forensics) but this book leads the pack. I've actually purchased several for my friends who work in cyber forensics at the local/state/federal levels in law enforcement and those who work in corporate America. This book is soooo good because it covers what REALLY happens out in the field during a computer crime investigation (including entire chapters on what to bring, how to plan, who to work with, etc). Also included are entire chapters dedicated to various tools and step by step instructions on how to use them. I've done my research and Bruce Middleton (the author) has been in the computer crime field for decades working forensics investigations before it was even called forensics. He began is investigative work with computers back in the early 70's with NSA and DoD. Today he is still an outstanding writer, speaker and investigator in the forensics world, working with corporations, government agencies, law enforcement, and our military. This book is hard hitting and really tells it like it is. Great for both novices and those with experience.