John Wiley & Sons Inc., 2007, 152 pp.
For novices and experts alike, Michael Sheetz traces the evolution of computer forensics from computer crime investigators, who focused on securing a system, into entities dedicated to the preservation and recovery of digital evidence for admissibility and use in court.
Understanding the fundamentals of how computers process information (input, storage, processing and output) is inherent to the computer forensics process, which is broken into five main steps:
Preservation—the crucial stage in ensuring evidence remains unchanged.
Collection—the process of collecting evidence will mean that it does change; extremely thorough and careful documentation and planning are essential.
Analysis—a starting point for the broad area of analyzing information discovered in the preservation and collection phase.
Re-creation—reporting and documentation requirements to ensure the “evidentiary admissibility” of evidence collected.
As the author explains, this book is not meant to be a comprehensive guide on computer forensic evidence, but it does provide a strong foundation for CPAs and other professionals who are getting into this growing field.