SANS Digital Forensics and Incident Response Blog

Review of "Principles and Practice of Criminalistics"

by Mike Murr

One of my favorite forensics books is "Principles and Practice of Criminalistics: The Profession of Forensic Science". I feel the authors do an excellent job at providing a strong foundation for forensic science. The book is divided into three sections. The first section provides a brief history and background of forensic science. The next section details fundamental principles of forensics. I found this section especially interesting, because it talks about classification, identification, and individualization. Topics we don't talk a lot about in digital forensics. The final section presents a more practical approach, covering topics such as report writing, communicating your results to others, and good laboratory practices.

There are a few aspects of the book that I felt could be improved. First it does not address digital forensics at all, instead focusing solely on traditional forensics. Despite this lack of coverage, it is easy to extend and apply the concepts in the book directly to digital forensics. Another area I felt could be improved was the discussion of how trait transfer applies to Locard's work. The authors briefly mention the idea that "what is being transferred is information about the source of the evidence." I feel that this has a tremendous impact in the field of digital forensics, because a large function of computing devices is the manipulation of symbolic information.

Overall I would give this book a 4.75 out of 5 rating. While I did thoroughly enjoy the book, and refer to it quite often, I do find some of the examples a bit difficult to follow at times. Despite the mentioned areas for improvement, I would highly recommend this book to anyone entering (or already in) the field of forensic science.

Mike Murr is a forensics analyst with Code-X Technologies, has conducted numerous investigations and computer forensic examinations, as well as performing specialized research and development. He is also an instructor with the SANS Institute.