Morning all,
I'm in my second year of a computer forensics degree and although I'm really enjoying it, I don't feel like I'm learning enough. The first year of our course was basically a general computing course and so far into the second year we have four hours a week dedicated to forensic-based learning, but most of this is criminology and law based. Overall, the course so far feels like it's been slapped together.
I know a lot of this will be needed in the future but we have had hardly any hands-on time with anything actually forensic based. There is only a single room at the university that has 'forensic machines' in it and it is only free for a couple of hours a week, meaning I am unable to go in and go over any actual practical work we have done.
Could anyone recommend any books, tutorials, tools etc. I could be learning whilst at home to help me progress?
Thanks in advance.
Hi,
Packt have published a lot of digital forensic books recently, for example, Practical Mobile Forensics.
If you are more interested in classic computer forensics, I'd recommend Digital Forensics with Open Source Tools published by Syngress.
And, of course, get a copy of Brian Carrier's File System Forensic Analysis.
There are a lot of good articles here, at Forensic Focus.
For news, articles, book releases, etc. you can also check our project:
http://weare4n6.com/
Looking at this page
http//
Why is the release of WRF 2/e such a great thing?
Thanks.
Because we really enjoyed the 1st edition and are waiting for the 2nd to be released :)
Thanks for the quick replies. I will look at what you have mentioned already. I did forget to mention that at uni we are mainly using EnCase (when we do use anything).
Computer Forensics and Digital Investigation with EnCase Forensic v7 by Suzanne Widup is a good choice!
"Windows Forensic Analysis", second and fourth editions, as well as "Windows Registry Forensics", contain links to tools you can use. You can follow along in the various chapters and use the tools against images that you can find online. For example, Lance Mueller's blog, forensickb.com, has several "practicals" available, which are images of XP systems. David Cowen makes several Win7 images available along with his book, "Computer Forensics InfoSec Pro Guide".
Since the "reading books" part has already been covered, my advice is the following:
1. Tinker at home
- Get a cheap computer, buy one off eBay or something so there is user data on it.
- Can also get hard drives that people have used, examining empty drives is not so rewarding.
- Get a Linux Live CD, image the drives to your home computer.
- Play around with that in your free time. Make a timeline, detect artifacts etc. Ask your friends to "do something" on the drive and find it.
You do not need a writeblocker for tinkering at home so just have fun (You can always get one if you have too much money).
Also
2. Watch YouTube
Nowadays there are plenty of videos about forensics on YouTube that you can learn a lot from (Blackhat, DefCon and such).
Thanks again for all the advice. You guys have been very helpful.