Digital Archaeology: The Art and Science of Digital Forensics
R**N
General approach to digital forensics
This is a decent book on the topic but it's a few years old and does contain some mistakes. Graves is an OK writer but not great. Hard to find books on this topic that aren't tied to a specific operating system; that's what set this one apart for me. Some coverage of both computers and cellphones.
S**L
easy to ship back
Bought it for my school course. Came right on time. Easy to ship back. Not an issue at all.
M**9
School book
Thanks great
J**G
Five Stars
Great book for forensic studies
B**E
Superb guide to mastering the art of digital forensics
The book Digital Archaeology: The Art and Science of Digital Forensics starts as yet another text on the topic of digital forensics. But by the time you get to chapter 3, you can truly appreciate how much knowledge author Michael Graves imparts.
Archaeology is defined as the study of human activity in the past, primarily through the recovery and analysis of the material culture and environmental data that they have left behind, which includes artifacts, architecture, biofacts and cultural landscapes.
The author uses archaeology and its associated metaphors as a pervasive theme throughout the book. While most archaeology projects require shovels and pickaxes, digital archaeology requires an entirely different set of tools and technologies. The materials are not in the ground, rather on hard drives, SD cards, smartphones and other types of digital media.
In the preface, Graves writes that in performing an investigation that explores the use of computers or digital data, the investigator is embarking on an archaeological expedition. In order to extract useful artifacts, information when dealing with our topic at hand, the investigator must be exceedingly careful in how he approaches the site. The similarities between a digital investigation and an archaeological excavation are much closer than you might imagine. Data, like physical artifacts, gets dropped into the oddest places. The effects of time and environment are just as damaging, if not more so, to digital artifacts as they are physical mementos.
The book shows you precisely how to extract those artifacts effectively. And in a little over 500 pages, the book's 21 chapters provide a comprehensive overview of every area relevant to digital forensics. The author brings his experience to every page and rather than being a dry reference, Graves writes an interesting reference guide for the reader who is serious about becoming proficient in the topic.
Rather than provide a dry overview of the topics and associated hardware and software tools, the book takes a real-world approach and provides a detailed narrative of real-world scenarios.
An important point Graves makes is that a digital investigator who does not understand the basic technology behind the systems they are investigating is going to be at a distinct disadvantage. Understanding the technology assists in the investigative process and ensures that the evidence can be held up in court.
The need for proficiency in digital forensics is manifest in the recent attack against Target stores. After an aggressive attack, the store called in external digital forensics consultants to help them make sense of what happened.
The book starts with an anatomy of a digital investigation, including the basic model an investigator should use to ensure an effective investigation. While the author is not a lawyer, the book details all of the laws, standards, constitutional issues and regulations that an investigator needs to be cognizant of.
The author notes that forensic experts Warren Kruse and Jay Heiser wrote in their definitive tome on the topic, Computer Forensics: Incident Response Essentials, that the basic computer investigation model was a four-part model with the following steps: assess, acquire, analyze and report. Graves breaks those into more detailed and granular levels that represent processes that occur within each step. These steps are: identification and assessment, collection and acquisition, preservation, examination, analysis and reporting.
Chapter 2 has a section on the constitutional implications of forensic investigation, a topic which is also pervasive throughout the book.
As noted, a significant portion of the book is dedicated to the legal aspects around digital investigations. Graves spends a lot of time on these needed issues such as search warrants and subpoenas, basic elements of obtaining a warrant, the plain view doctrine, admissibility of evidence, keeping evidence authentic, defining the scope of the search, and when the Constitution doesn’t apply.
The only chapter that was deficient was chapter 13 – Excavating a Cloud. Graves writes that the rapid emergence of cloud computing has added a number of new challenges for the digital investigator. The chapter does a good job of detailing the basic implications of cloud forensics. But it unfortunately does not dig any deeper, and does not provide the same amount of extensive tool listings as do other chapters.
Each chapter closes with a review of the topic and various exercises. Those wanting to see a sample chapter can do so here.
For those looking for an introductory text on the topics of digital forensics, Digital Archaeology: The Art and Science of Digital Forensics is an excellent read. Its comprehensive overview of the entire topic, combined with the author's excellent writing skills and experience, makes the book a worthwhile reference.
G**E
Sounds like any other boring book on forensics BUT IT'S NOT!!!
SDSUG Book Review
“Digital Archaeology – the Art and Science of Digital Forensics” by Michael W. Graves, review by George Toft
ISBN-13: 978-0-321-80390-0
$79.95
Available: http://www.amazon.com/Digital-Archaeology-Art-Science-Forensics/dp/0321803906/ref=sr_1_1?ie=UTF8&qid=1425960252&sr=8-1&keywords=Digital+Archaeology+by+Michael+W.+Graves
The book “Digital Archaeology – the Art and Science of Digital Forensics” by Michael W. Graves sounds like any other boring book on forensics. I expected the same old “chain of custody rules, make exact copies of the hard drive” boring rules we've all read. Not so – Graves starts off with a thorough treatment of Constitutional Law supported by ample and recent case law citations explaining how and why certain procedures must be followed. The most obvious is the forensic examination – what is the legal justification that allows an investigator to actually look inside a computer? Did I say “starts off with . . .?” Actually, the first 20% of the book is devoted to Constitutional Law and it was far from boring, which law seems to be for many people. In this discussion, Graves points out the stark difference between a government investigator (any level of government) and a private investigator (anyone not employed by the government).
Next, Graves develops establishing the credentials to be an investigator, because to be a credible investigator, one must be a credible witness in court, which means one must have credibility – training, certifications, use court-approved tools, and follow specific procedures to maintain the integrity of the evidence. Here's where the book gets really intense as Graves details all of the records the investigator needs to keep. Every decision and every action must be meticulously documented, and the clock begins from first contact.
The book also comes with Chapter Exercises and Chapter References. It smacks of a college textbook (not a bad thing, but useful to know), which also means it is highly searchable with a good table of contents and a 49-page Index – yes, almost 10% of the book is the Index. I noted a few typographical errors, but all-in-all, a surprisingly good book that really opens the reader's eyes to the minutiae and attention to detail required in the world of digital forensics.
If you think you knew something about digital forensics (and are not an investigator), this book will clearly show you how much you don't know.