The Official EnCE: EnCase Certified Examiner Study Guide by Steve Bunting and William Wei
Guidance Software's EnCase product is the premier computer forensics tool on the market, used in law enforcement labs for digital evidence collection; in commercial settings for incident response and information assurance; and by the FBI and Department of Defense to detect domestic and international threats. This guide prepares readers for both the CBT and practical phases of the exam that validates mastery of EnCase. Written by two law enforcement professionals who are computer forensics specialists and EnCase trainers, it includes the "EnCase Legal Journal", essential for forensics investigators who need to be sure they are operating within the law and able to give expert testimony. The CD includes tools to help readers prepare for Phase II of the certification, which requires candidates to examine computer evidence, as well as a searchable PDF of the text.
Order from: Amazon UK / Amazon US
Forensic Computing: A Practitioner's Guide by Tony Sammes and Brian Jenkinson
In this book, Tony Sammes and Brian Jenkinson show how information held in computer systems can be recovered and how it may be deliberately hidden or subverted for criminal purposes. "Forensic Computing: A Practitioner's Guide" is illustrated by plenty of case studies and worked examples, and will help practitioners and students gain a clear understanding of:
* how to recover information from computer systems in such a way as to ensure that its integrity cannot be challenged and that it will be accepted as admissible evidence in court
* the principles involved in password protection and data encryption
* the evaluation procedures used in circumventing these safeguards
* the particular legal issues associated with computer-generated evidence and how to ensure admissibility of such evidence.
Order from: Amazon UK / Amazon US
Digital Evidence and Computer Crime by Eoghan Casey
Digital Evidence and Computer Crime provides an introduction to many concepts from computer science about networks, and in particular the Internet. It details the application of forensic science principles to the location, recovery, and examination of digital evidence. Each chapter in the book is fully supported by case examples to clarify particular points made. It also contains many references to specialized literature and on-line resources as well as a helpful glossary of terms...this book can be recommended mainly for people looking to expand their general knowledge and awareness of computer crime and the process of computer crime investigation, particularly those just entering the field of digital forensics.
Order from: Amazon UK / Amazon US
Computer Forensics: Incident Response Essentials by Warren G. Kruse II and Jay Heiser
This book offers information professionals a disciplined approach to implementing a comprehensive incident-response plan, with a focus on being able to detect intruders, discover what damage they did and hopefully find out who they are. There is little doubt that the authors are serious about cyber investigation. They advise companies to "treat every case like it will end up in court" and although this sounds extreme, it is good advice. Upon detecting a malicious attack on a system, many system administrators react instinctively. This often involves fixing the problem with minimal downtime, then providing the necessary incremental security to protect against an identical attack. The authors warn that this approach often contaminates evidence and makes it difficult to track the perpetrator. This book describes how to maximise system up-time while protecting the integrity of the "crime scene".
Order from: Amazon UK / Amazon US
Incident Response and Computer Forensics by Chris Prosise and Kevin Mandia
This book aims to teach you how to determine when an attack has occurred or is underway (they're often hard to spot) and show you what to do about it. A strong system of defences will save your systems from falling victim to published and otherwise uninventive attacks, but even the most heavily defended system can be cracked under the right conditions. Authors Kevin Mandia and Chris Prosise favour a tools- and procedures-centric approach to the subject, thereby distinguishing this book from others that catalogue attacks and methods for dealing with each. The approach is more generic and therefore better suited to dealing with newly emerging attack techniques. Anti-attack procedures are presented with the goal of identifying, apprehending and successfully prosecuting attackers, and the advice on carefully preserving volatile information, such as the list of processes active at the time of an attack, is easy to follow.
Order from: Amazon UK / Amazon US
Handbook of Computer Crime Investigation: Forensic Tools and Technology by Eoghan Casey (Editor)
Following on the success of his introductory text, Digital Evidence and Computer Crime, Eoghan Casey brings together a few top experts to create the first detailed guide for professionals who are already familiar with digital evidence. The Handbook of Computer Crime Investigation helps readers master the forensic analysis of computer systems with a three-part approach covering tools, technology, and case studies. The Tools section provides the details on leading software programs, with each chapter written by that product's creator. The section ends with an objective comparison of the strengths and limitations of each tool. The main Technology section provides the technical "how to" information for collecting and analyzing digital evidence in common situations, starting with computers, moving on to networks, and culminating with embedded systems. The Case Examples section gives readers a sense of the technical, legal, and practical challenges that arise in real computer investigations.
Order from: Amazon UK / Amazon US