Computer Forensics JumpStart  

Page 1 / 2
tmbstone
(@tmbstone)
New Member

Anyone know anything about this book? What are the top 3 recommended books for trying to learn about techniques and procedures for Computer Forensics?

Posted : 21/11/2005 8:03 pm
keydet89
(@keydet89)
Community Legend

> Anyone know anything about this book?

Amazon has a review. Google returns links to other reviews, as well as Synopsis entries.

HTH,

Harlan

Posted : 21/11/2005 8:10 pm
tmbstone
(@tmbstone)
New Member

Thank you. I was really looking for opinions from people on this site who are active in the field.

Posted : 21/11/2005 8:23 pm
arashiryu
(@arashiryu)
Active Member

I know the author and have attended his training classes. Haven't read the book yet, but his class was awesome and very informative.

Posted : 21/11/2005 8:26 pm
techmerlin
(@techmerlin)
Member

tmbstone,

This book is a nice place to start. I trained under one of the authors, Neil Broom, and his knowledge and experience are well reflected in this book. The book will give you a first-hand understanding of the industry from an insider's view.

Hope this helps

Posted : 21/11/2005 8:27 pm
tmbstone
(@tmbstone)
New Member

Thanks guys! There are just so many books and Certs out there…just not sure where to start.

Posted : 21/11/2005 9:01 pm
cblume
(@cblume)
New Member

I have read most of this book. It didn't impress me at all. It's a surface-level book with a lot of wasted space, maybe if you want to skim it in a bookstore …

My book recommendation certainly has to go to "Real Digital Forensics" by Keith Jones. It's quite new, and the most comprehensive that I've seen. Hopefully I'll get a chance to sit down and write a full review on it.

Posted : 21/11/2005 9:56 pm
keydet89
(@keydet89)
Community Legend

cblume,

Did you really enjoy "Real Digital Forensics"? I read the chapter that is available online, and wasn't impressed at all. I picked the book up in the bookstore, and read through the chapter concerning post-mortem investigation of a Windows system, and was equally unimpressed.

Can you provide some insight as to what you found that you could recommend about "RDF"?

Posted : 21/11/2005 10:16 pm
cblume
(@cblume)
New Member

keydet89,

"Real Digital Forensics" is comprehensive in its scope; it covers all major (and some not-so-major) subjects in a concise manner. In my opinion, forensics books shouldn't be about theory or conceptual topics. There are far too many to cover in a broad subject like "forensics" – and not appropriate, considering most of the theory to be used is from other major fields in CS/IT, and simply put into practice in a limited way in the practice of forensics.

If you could be more specific about your dislike of the book, I could understand and respond. Were there other topics you thought should have been covered? Was it too concise or lacking in information?

The book is clear, and realistic – it focuses on forensics profession specifics. As talked about in the introduction, they don't lean towards the use of commercial tools – you use the right tool for the job, if the only tool for the job is commercial, then it's the best tool available – and likewise with any free or open source tool.

Posted : 22/11/2005 1:51 am
keydet89
(@keydet89)
Community Legend

> If you could be more specific about your dislike of the book

I never said I didn't like the book…I simply said that I wasn't impressed. Perhaps this is because the book focuses on a case…I'd be more interested in demonstrable, reproducible examples of deeper analysis, in general.

The sample chapter I mentioned is available here:
http://www.awprofessional.com/bookstore/product.asp?isbn=0321240693&rl=1

A couple of concerns I had about the chapter:

- The sample chapter goes over the use of netcat, but doesn't say why another method, such as using Perl, isn't equally as sound.

- Fport is used, but there's no mention that admin rights are required to run fport. Openports, from DiamondCS, doesn't require admin rights.

- Pslist from Sysinternals.com was used to list running processes, but that tool does not show the path to executable image OR the command line used to launch the process.

I agree that books need to be clear and realistic…and I'm also aware that the book was about a specific case, so going into detail about other aspects of Registry analysis wasn't the intention of the book.

My book focuses on Windows-specific issues, with Windows-specific solutions.

Posted : 22/11/2005 2:53 am
armresl
(@armresl)
Senior Member

I would also agree Jumpstart is very very basic and I would not recommend it. There are so many books out there and I think that most of us have a lot of them but this is one I would leave out.

Posted : 22/11/2005 8:57 am
andy1500mac
(@andy1500mac)
Member

I think any book on the subject, if written by someone in "the know", will have its pros as well as cons. As long as the information contained in the book is not incorrect, then it boils down to writing styles and how the information is presented.

Those with more experience will be better equipped to point out any discrepancies but again, my feeling is that as long as the information, techniques and methods are correctly presented then a read is pretty subjective.

I got halfway through the sample chapter and actually liked the way the author steps through the investigation…maybe because I'm fairly new to learning the discipline.

I'll probably pick up RDF….

Andrew-

Posted : 22/11/2005 6:23 pm
Chris55728
(@chris55728)
Junior Member

One book I've found very useful is 'File System Forensic Analysis' by Brian Carrier. A bit on the heavy side but very good.

Also 'Computer Forensic Essentials' was a good read as background before I got my current job.

If you really want to go back to basics then 'Forensic Computer A Practitioner's Guide' is a good read but it was published in 2000 so don't expect any cutting edge information!

Posted : 22/11/2005 7:58 pm
tmbstone
(@tmbstone)
New Member

This book? http://www.dsmiller.com/html/Books-Law-Forensic-Science-Forensic-Sciences-0201707195.htm

Posted : 23/11/2005 11:12 pm
Jamie
(@jamie)
Community Legend

> One book I've found very useful is 'File System Forensic Analysis' by Brian Carrier. A bit on the heavy side but very good…If you really want to go back to basics then 'Forensic Computer A Practitioner's Guide' is a good read

Couldn't agree more. The best two "foundational" books on the market IMHO.

Jamie

Posted : 24/11/2005 6:41 am