Anyone know anything about this book? What are the top 3 recommended books for trying to learn about techniques and procedures for Computer Forensics?
> Anyone know anything about this book?
Amazon has a review. Google returns links to other reviews, as well as Synopsis entries.
HTH,
Harlan
Thank you. I was really looking for opinions from people on this site who are active in the field.
I know the author and have attended his training classes. Haven't read the book yet, but his class was awesome and very informative.
tmbstone,
This book is a nice place to start. I trained under one of the authors, 'Neil Broom', and his knowledge and experience are well reflected in this book. The book will give you a first-hand understanding of the industry from an insider's view.
Hope this helps
Thanks guys! There are just so many books and Certs out there…just not sure where to start.
I have read most of this book. It didn't impress me at all. It's a surface-level book with a lot of wasted space, maybe if you want to skim it in a bookstore …
My book recommendation certainly has to go to "Real Digital Forensics" by Keith Jones. It's quite new, and the most comprehensive that I've seen. Hopefully I'll get a chance to sit down and write a full review on it.
cblume,
Did you really enjoy "Real Digital Forensics"? I read the chapter that is available online, and wasn't impressed at all. I picked the book up in the bookstore, and read through the chapter concerning post-mortem investigation of a Windows system, and was equally unimpressed.
Can you provide some insight as to what you found that you could recommend about "RDF"?
keydet89,
"Real Digital Forensics" is comprehensive in its scope; it covers all major (and some not-so-major subjects) in a concise manner. In my opinion, forensics books shouldn't be about theory or conceptual topics. There are far too many to cover in a broad subject like "forensics" – and not appropriate, considering most of the theory to be used is from other major fields in CS/IT, and simply put into practice in a limited way in the practice of forensics.
If you could be more specific about your dislike of the book, I could understand and respond. Were there other topics you thought should have been covered? Was it too concise or lacking in information?
The book is clear, and realistic – it focuses on forensics profession specifics. As talked about in the introduction, they don't lean towards the use of commercial tools – you use the right tool for the job, if the only tool for the job is commercial, then it's the best tool available – and likewise with any free or open source tool.
> If you could be more specific about your dislike of the book
I never said I didn't like the book…I simply said that I wasn't impressed. Perhaps this is because the book focuses on a case…I'd be more interested in demonstrable, reproducible examples of deeper analysis, in general.
The sample chapter I mentioned is available here:
http//
A couple of concerns I had about the chapter:
- The sample chapter goes over the use of netcat, but doesn't say why another method, such as using Perl, isn't equally as sound.
- Fport is used, but there's no mention that admin rights are required to run fport. Openports, from DiamondCS, doesn't require admin rights.
- Pslist from Sysinternals.com was used to list running processes, but that tool does not show the path to executable image OR the command line used to launch the process.
I agree that books need to be clear and realistic…and I'm also aware that the book was about a specific case, so going into detail about other aspects of Registry analysis wasn't the intention of the book.
My book focuses on Windows-specific issues, with Windows-specific solutions.