
Computer Forensics JumpStart

(@tmbstone)
Posts: 9
Active Member
Topic starter
 

Anyone know anything about this book? What are the top 3 recommended books for trying to learn about techniques and procedures for Computer Forensics?

 
Posted : 21/11/2005 8:03 pm
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

> Anyone know anything about this book?

Amazon has a review. Google returns links to other reviews, as well as Synopsis entries.

HTH,

Harlan

 
Posted : 21/11/2005 8:10 pm
(@tmbstone)
Posts: 9
Active Member
Topic starter
 

Thank you. I was really looking for opinions from people on this site who are active in the field.

 
Posted : 21/11/2005 8:23 pm
arashiryu
(@arashiryu)
Posts: 122
Estimable Member
 

I know the author and have attended his training classes. Haven't read the book yet, but his class was awesome and very informative.

 
Posted : 21/11/2005 8:26 pm
techmerlin
(@techmerlin)
Posts: 62
Trusted Member
 

tmbstone,

This book is a nice place to start. I trained under one of the authors, 'Neil Broom', and his knowledge and experience are well reflected in this book. The book will give you a first-hand understanding of the industry from an insider's view.

Hope this helps

 
Posted : 21/11/2005 8:27 pm
(@tmbstone)
Posts: 9
Active Member
Topic starter
 

Thanks guys! There are just so many books and Certs out there…just not sure where to start.

 
Posted : 21/11/2005 9:01 pm
(@cblume)
Posts: 13
Active Member
 

I have read most of this book. It didn't impress me at all. It's a surface-level book with a lot of wasted space, maybe if you want to skim it in a bookstore …

My book recommendation certainly has to go to "Real Digital Forensics" by Keith Jones. It's quite new, and the most comprehensive that I've seen. Hopefully I'll get a chance to sit down and write a full review on it.

 
Posted : 21/11/2005 9:56 pm
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

cblume,

Did you really enjoy "Real Digital Forensics"? I read the chapter that is available online, and wasn't impressed at all. I picked the book up in the bookstore, and read through the chapter concerning post-mortem investigation of a Windows system, and was equally unimpressed.

Can you provide some insight as to what you found that you could recommend about "RDF"?

 
Posted : 21/11/2005 10:16 pm
(@cblume)
Posts: 13
Active Member
 

keydet89,

"Real Digital Forensics" is comprehensive in its scope; it covers all major (and some not-so-major) subjects in a concise manner. In my opinion, forensics books shouldn't be about theory or conceptual topics. There are far too many to cover in a broad subject like "forensics" – and not appropriate, considering most of the theory to be used is from other major fields in CS/IT, and simply put into practice in a limited way in the practice of forensics.

If you could be more specific about your dislike of the book, I could understand and respond. Were there other topics you thought should have been covered? Was it too concise or lacking in information?

The book is clear, and realistic – it focuses on forensics profession specifics. As talked about in the introduction, they don't lean towards the use of commercial tools – you use the right tool for the job, if the only tool for the job is commercial, then it's the best tool available – and likewise with any free or open source tool.

 
Posted : 22/11/2005 1:51 am
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

> If you could be more specific about your dislike of the book

I never said I didn't like the book…I simply said that I wasn't impressed. Perhaps this is because the book focuses on a case…I'd be more interested in demonstrable, reproducible examples of deeper analysis, in general.

The sample chapter I mentioned is available here:
http://www.awprofessional.com/bookstore/product.asp?isbn=0321240693&rl=1

A couple of concerns I had about the chapter:

- The sample chapter goes over the use of netcat, but doesn't say why another method, such as using Perl, isn't equally as sound.

- Fport is used, but there's no mention that admin rights are required to run fport. Openports, from DiamondCS, doesn't require admin rights.

- Pslist from Sysinternals.com was used to list running processes, but that tool does not show the path to executable image OR the command line used to launch the process.

I agree that books need to be clear and realistic…and I'm also aware that the book was about a specific case, so going into detail about other aspects of Registry analysis wasn't the intention of the book.

My book focuses on Windows-specific issues, with Windows-specific solutions.

 
Posted : 22/11/2005 2:53 am