Machine Learning Forensics for Law Enforcement, Security, and Intelligence
The first time that I quickly browsed through this book, I thought that maybe I was reading this in a slightly different language as there were new acronyms and different ways of thinking on how to process information for me to learn
By the time I was finished my head was spinning and overloaded with so much information. But it did intrigue me to want to read it a second time in more detail. This time I was prepared as I had looked up reference points for more detailed information on some of the subject matter. I am really glad that I did, as this is a really in-depth book on its subject matter and is not for the faint hearted. Normally I can breeze through technical IT Security books as a lot of them cover the same sort of subject matter albeit in a different form and it was really refreshing to have something to challenge me and make me want to find out more information.
As there are more and more avenues for criminals to become involved with E-crimes the investigator is always playing catch up and most of the time after the crime has taken place, with the criminals long gone.
This very detailed book in parts is a step by step guide on how to proceed through various forensic investigation methods. Firstly you are taken through how to organize an investigative map and how to design a forensic framework. Over the next 3 chapters you are introduced to the three types of forensics, Extractive, Inductive and Deductive. At the end of each chapter you are introduced to commercial as well as free software that can aid you in these types of forensics. There does seem to be a bit of bias towards the commercial side of things, but at the end of the day this is a specialised field and the commercial products are more than likely to provide the better toolsets.
Now that you are fully prepared for what you are about to get into with the above three chapters (I re-read these a few times as there is a lot of information covered in here and it made me very aware on how much data we all leave behind in our day to day lives) you are taken through a step by step process on how a Forensic Investigation should be handled.
Chapter 7 provides the reader with good information on the OSI model and what Deep Packet Inspection of the 7 layers will reveal. There are various tools and methods on how to protect your company from an attack in the first place included, but as we all know all good plans go to waste at some point. The checklists provided towards the end of the chapter might appear a bit short to some, but they are straight to the point on what you need to do if a successful attack on your company has been identified.
The final chapter is all about Corporate Counterintelligence and what a forensic investigator should be looking for and tools that can be used to try and prevent data leakage.
Throughout the book there are various case studies using some of the tools that have been suggested by the author which provide good information on how that particular product should be used to achieve the bet results.
It would have been nice to have an appendix at the end with all the checklists in one place, but its not hard to go through the book to find them one by one.
Hard book to read for someone who is knew to this area of IT security, but well worth the read.