Book Reviews

Bottom Line:

       This one does what it says on the tin in a clear, readable format that should be accessible to most of the population. Those with a technical background will need to skim large sections, thankfully the book’s clear format makes that easy.  

  1. Did I learn something?
    1. I developed a high level understanding of the digital forensics field.
    2. I learned quite a few interesting tidbits about Windows.
    3. I learned quite a bit about the legal tangles involved in digital evidence.
  2. Did I enjoy the time spent reading it?
    1. Yes. I really enjoyed the anti-forensics chapter.
  3. Would recommend to:
    1. Those studying law, studying criminal justice, or police officers in field work.  Chapter 7 on legal aspects and Chapter 10 on mobile devices would be particularly relevant.
    2. Those considering a career in forensics. The author provides many details about the ‘daily grind’ and some professional pitfalls of being an examiner throughout the book.
    3. Career changers who want to get into tech but aren’t sure that full on software development suits them and are looking for related career paths.
    4. Veteran lawyers struggling with digital evidence reports or are new to digital evidence in general. Chapter 10 on mobile device is especially relevant, although Chapter 7 is unlikely to contain anything they don’t already know.
  4. Would not recommend to:
    1. DevSecOps and Infosec folks looking to better their intrusion postmortems and guidance on how to conduct their own detection & collection, effectively forensics, during or after an attack.
    2. The technically inclined looking for a deeper insight into the software that powers digital forensics. This was very much focused on the squishier side of the keyboard.

On Content:

      In general, I found the content to be good quality and easily digestible. The presentation of the forensics process, the factors that influence its application in the digital space, and what makes for a successful investigation from start to finish stand out in particular.

      The preface of the book discusses the intended audience and the expectation that readers have a ‘fundamental understanding’ of computers. The explanations for different bits of technology were so vague and so high level that they must be meant for those with no understanding of computers, not a ‘fundamental’ one.  I found the partial sector data recovery and the encryption examples to be especially drawn out and hand wavy, and advise anyone technically inclined to skip those sections.

      “You cannot trust closed-source crypto”  on page 87 is probably the boldest line in the entire book. The author is careful to present balanced arguments around open source versus closed source forensic software suites, the possession of disk wiping tools, etc. So it was a bit startling to see him take an unequivocal stance around something that is still controversial in public discourse.

      Chapter 6 on anti-forensics is most likely to appeal to those in tech with a pen-ten or tinkering bent, and it was my favorite chapter. I was surprised to learn that Steganography is still one of the most effective ways to foil forensics; even if the examiners know to look for it in the first place. I remember learning about it while researching Benedict Arnold in high school and doing an in class demo of the spy’s technique. I had thought it largely obsolete and I was wrong.

      I had some smaller gripes with the book. I didn’t love the windows exclusive focus, although I understand the stated rationale. Still, I expected some mention of common software found on servers and networking equipment in Chapter 9 on network forensics. I also thought the treatment of IRC was unbalanced. IRC is used by many developers working at tech companies, universities, and on open source projects, but only its use by criminal elements was noted. None of its legitimate uses were mentioned.

      I also wish the author had discussed the economics of the field more directly. He mentions various costs when discussing trade-offs for accreditation, for multiple tooling suites, and for physical supplies. He never directly discusses income. Reading between the lines around the emphasis on court admissibility that reoccurs throughout the book, I infer that the justice department and lawyers are the main clients of digital forensics. I think a direct discussion of that and its impact on the field would have been very useful.  

      The author repeats warnings and concerns about the gap between the speed of technology and court-admissible forensics tools throughout the book but avoids discussion of how to fix the problem. It’s not possible to discuss how to fix that widening gap without discussing the the influence and responsibility of the economic engine behind the field.

On Presentation:

      Writing was clear, concise and easy to follow. The chapter arrangement and section arrangement within each chapter flows smoothly. My only presentation nit is that the font size for the interviews in the book is much smaller than the paragraph text; it lost readability.

Books reviews are entirely my opinion and I am not editor. Please take them with a pound of salt. If you are looking for an in depth review, this is not it.

Introduction

‘American Lion’ focuses on President Andrew Jackson’s years in the White House, though it does cover his life start to finish. I became interested in the book after the author’s lively interview on the Daily Show. Then I forgot about it until I saw it lying on a friend’s shelf. He graciously lent me the book.

On Content:

The most fascinating part of the book dealt with the South Carolina Nullification crisis during Jackson’s time in office. The crisis was adverted, but the legal standing of a state’s right to nullify federal laws was not resolved. The Nullification crisis & its roots laid much of the legal groundwork for the American Civil War.  The South made many arguments about the ‘intents of the Framers’, to support their position, much like modern American politicians do today.

Monroe, a Founding Father (a Framer, former President, author of the ‘Virginia Resolutions’ cited in legal support of Nullification)  was alive and vocal that the ‘Virgina Resolutions’ did not extend to nullification and nullification of federal laws was not intended by the Constitution. He was roundly ignored by the South.

I found I learned more about the politics swirling about in the early days of America than about Jackson himself. I had heard of the Eaton affair in AP American History class, but was unaware of its impact on national politics. It caused Jackson to expel his niece for awhile from the position of White House Hostess (now understood the be the duties of the First Lady), determined who would be Jackson’s party’s successor(the next President), and even led one Cabinet minster to attempt to murder another.

On Style & Presentation:

I was expecting a lively and engaging narrative style was severely disappointed in that regard.  Large swatches of the book are exceedingly dry, and not good about conveying why I should care about its current topic. Some sections were so disjointed that I lost the narrative thread entirely. However, there were a couple chapters that I could not put down.

I also felt he told me about Jackson’s character more than demonstrating Jackson’s character. There are some vignettes to support his opinion of Jackson’s personality. They occurred much later in the book, after I had become annoyed at the overuse of adjectives and under use of examples. I wish he had held off his view of Jackson’s  until the supporting narrative had a chance to appear.

I also wish it had come with a family tree of Jackson’s relations. The many similar names often made it hard to follow who was whom, especially when citing family sources. Which Andrew wrote this particular quote? The man himself, his adopted son, his nephew, or one of his more distant relations?

Bottom line:

  1. Did I learn something?
    1. Yes, about the legal origins of the American Civil War.
    2. I did not learn as much about Jackson’s inner workings as I expected.
  2. Did I enjoy the time spent reading it?
    1. I would say I enjoyed about a third of the book. My friend did not bother finishing it.
  3. Would I recommend it?
    1. To someone trying to understand the evolution of the American presidency and capable of skimming, yes.
    2. To anyone else, no.