±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 35965
New Yesterday: 0 Visitors: 95

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Computer Forensics JumpStart

Discussion of computer forensics employment and career issues.
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Page Previous  1, 2, 3  Next 
  

keydet89
Senior Member
 

Re: Computer Forensics JumpStart

Post Posted: Nov 21, 05 23:16

cblume,

Did you really enjoy "Real Digital Forensics"? I read the chapter that is available online, and wasn't impressed at all. I picked the book up in the bookstore, and read through the chapter concerning post-mortem investigation of a Windows system, and was equally unimpressed.

Can you provide some insight as to what you found that you could recommend about "RDF"?  
 
  

cblume
Member
 

Re: Computer Forensics JumpStart

Post Posted: Nov 22, 05 02:51

keydet89,

"Real Digital Forensics" is comprehensive in its scope; it covers all major (and some not-so-major subjects) in a concise manner. In my opinion, forensics books shouldn't be about theory or conceptual topics. There are far too many to cover in a broad subject like "forensics" -- and not appropriate, considering most of the theory to be used is from other major fields in CS/IT, and simply put into practice in a limited way in the practice of forensics.

If you could be more specific about your dislike of the book, I could understand and respond. Were there other topics you thought should have been covered? Was it too concise or lacking in information?

The book is clear, and realistic -- it focuses on forensics profession specifics. As talked about in the introduction, they don't lean towards the use of commercial tools -- you use the right tool for the job, if the only tool for the job is commercial, then it's the best tool available -- and likewise with any free or open source tool.  
 
  

keydet89
Senior Member
 

Re: Computer Forensics JumpStart

Post Posted: Nov 22, 05 03:53

> If you could be more specific about your dislike of the book

I never said I didn't like the book...I simply said that I wasn't impressed. Perhaps this is because the book focuses on a case...I'd be more interested in demonstrable, reproducible examples of deeper analysis, in general.

The sample chapter I mentioned is available here:
www.awprofessional.com...40693&rl=1

A couple of concerns I had about the chapter:

- The sample chapter goes over the use of netcat, but doesn't say why another method, such as using Perl, isn't equally as sound.

- Fport is used, but there's no mention that admin rights are required to run fport. Openports, from DiamondCS, doesn't require admin rights.

- Pslist from Sysinternals.com was used to list running processes, but that tool does not show the path to executable image OR the command line used to launch the process.

I agree that books need to be clear and realistic...and I'm also aware that the book was about a specific case, so going into detail about other aspects of Registry analysis wasn't the intention of the book.

My book focuses on Windows-specific issue, with Windows-specific solutions.  
 
  

armresl
Senior Member
 

Re: Computer Forensics JumpStart

Post Posted: Nov 22, 05 09:57

I would also agree Jumpstart is very very basic and I would not recommend it. There are so many books out there and I think that most of us have a lot of them but this is one I would leave out.
_________________
Why order a taco when you can ask it politely?

Alan B. "A man can live a good life, be honorable, give to charity, but in the end, the number of people who come to his funeral is generally dependent on the weather. " 
 
  

andy1500mac
Senior Member
 

Re: Computer Forensics JumpStart

Post Posted: Nov 22, 05 19:23

I think any book on the subject, if written by someone in "the know"
will have its pro's as well as con's. As long as the information contained in the book is not incorrect, then it boils down to writing styles and how the information is presented.

Those with more experience will be better equipped to point out any
discrepencies but again, my feeling is that as long as the information, techniques and methods are correctly presented then a read is pretty subjective.

I got half way through the sample chapter and actually liked the way the author steps through the investigation....maybe because I'm fairly new to learning the discipline.

I'll probably pick up RDF….

Andrew-  
 
  

Chris55728
Senior Member
 

Re: Computer Forensics JumpStart

Post Posted: Nov 22, 05 20:58

One book I've found very useful is 'File System Forensic Analysis' by Brian Carrier. A bit on the heavy side but very good.

Also 'Computer Forensic Essentials' was a good read as background before I got my current job.

If you really want to go back to basics then 'Forensic Computer: A Practitioner's Guide' is a good read but it was published in 2000 so don't expect any cutting edge information!  
 
  

tmbstone
Newbie
 

Re: Computer Forensics JumpStart

Post Posted: Nov 24, 05 00:12

 

Page 2 of 3
Page Previous  1, 2, 3  Next