Join Us!

Computer Forensic B...
 
Notifications
Clear all

Computer Forensic Book for Teaching  

  RSS
charliebrown5280
(@charliebrown5280)
New Member

Hello!

Last year, I taught a computer forensic class for a community college to students that had little or no computer forensic experience. I used the book 'Guide to Computer Forensic Investigations' (link below) and it seemed to work okay.

Do any of you have any recommendations for computer forensic books that are great for teaching? There are some great books out there but many are geared towards a more advanced audience.

Thanks!

http//www.amazon.com/Guide-Computer-Forensics-Investigations-Third/dp/1418067334/ref=sr_1_1?ie=UTF8&s=books&qid=1228105960&sr=8-1

Quote
Posted : 01/12/2008 9:32 am
ecophobia
(@ecophobia)
Active Member

..a computer forensic class for a community college ? ? ? ?
roll

ReplyQuote
Posted : 01/12/2008 11:54 am
DFICSI
(@dficsi)
Active Member

Eoghan Casey's 'Digital Evidence and Computer Crime'.

Also 'Computer Forensics for Dummies' will be out soon.

ReplyQuote
Posted : 01/12/2008 3:09 pm
debaser_
(@debaser_)
Active Member

Eoghan Casey's 'Digital Evidence and Computer Crime'.

Also 'Computer Forensics for Dummies' will be out soon.

My vote is also for Digital Evidence and Computer Crime.

ReplyQuote
Posted : 01/12/2008 8:33 pm
rjpear
(@rjpear)
Member

..a computer forensic class for a community college ? ? ? ?
roll

What I find interesting…is that the Community colleges (I don't know the deal in this particular case) seem to be open to allowing people who actually do the work do the teaching on the side. Most Colleges/university's require an advance degree to teach due to Union restrictions etc.. but the smaller schools do not, or at least can circumvent their rules when applicable. (again..not to preclude the ones with advanced degrees who do the work..)

I am seeing too many schools start up programs on a whim using either Computer science or Criminal Justice Professors who have never done the WORK…but they have read about it in a book though.. !

I can just hear the war stories now… " I remember that time I …um…well.. in that chapter on data carving that you read..remember when that guy said…blah blah" ….. Oh I can see the student's heads smacking the desk right now…

Just my 2 cents//

ReplyQuote
Posted : 01/12/2008 9:25 pm
ecophobia
(@ecophobia)
Active Member

Digital forensics examiners must possess a range of skills to be able to do the job properly. In my view they must certainly have a solid computer + networking + programming background and be technically knowledgeable. I would expect someone with at least a degree in Computer Science or another relevant computer degree to perform the role of digital forensics examiner. I also have seen people with no such degrees, but with years of experience in computing field performing exceptionally well. That is where my scepticism about the community college and digital forensics comes from. No offence meant to anyone though.

P.S. 'Computer Forensics for Dummies' just makes it worse. )

ReplyQuote
Posted : 02/12/2008 1:35 am
rjpear
(@rjpear)
Member

Digital forensics examiners must possess a range of skills to be able to do the job properly. In my view they must certainly have a solid computer + networking + programming background and be technically knowledgeable. I would expect someone with at least a degree in Computer Science or another relevant computer degree to perform the role of digital forensics examiner. I also have seen people with no such degrees, but with years of experience in computing field performing exceptionally well. That is where my scepticism about the community college and digital forensics comes from. No offence meant to anyone though.

P.S. 'Computer Forensics for Dummies' just makes it worse. )

No Doubt that the folks you mention can do the job..it's just that they don't. The problem I think with alot of high education is the Ivory tower affect (or is it Effect?…see I don't even know that!). Alot of Book Learning and little of the Practical and REAL LIFE APPLICATION of the subject taught. There are times where "If you can't do, teach" comes into play. And in most instances the folks teaching the classes at the university level are CS Phd's/professors who do know networking/programming etc.. and were just thrown into the Forensic program because it's the flavor of the month so to speak.

And I super agree "Computer Forensics for Dummies" makes it REALLY WORSE…

ReplyQuote
Posted : 02/12/2008 1:42 am
ddow
 ddow
(@ddow)
Active Member

Do any of you have any recommendations for computer forensic books that are great for teaching? There are some great books out there but many are geared towards a more advanced audience.

If you use the 3rd Edition of the book and you're not teaching an advanced class, that's the best book (IMHO).

My choices for a more advanced class would be WFA by this Harlan Carvey fella and either Windows Forensics by Chad Steel or Internet Forensics by Jones. Much depends on the demographics of the students and the program they are in.

ReplyQuote
Posted : 02/12/2008 4:47 am
Bako
 Bako
(@bako)
New Member

charliebrown5280,

The book you mentioned did not seem to get good "press", at least looking at the reviews on Amazon. Note, I have not read the book, so I can not personally comment.

As for the Computer Forensics fpr Dummies, I was not aware of it, but reviewers on Amazon seem impressed and it is cheap!

You could go many ways with this, all pretty much dependent on the level of sophistication of your audience.

In my current postgrad course we used "Computer Evidence Collection & Preservation", by Chris LT brown. Its the 1st ed (2005).
It was a very good book IMHO, at least as a base platform for learning about the importance of the preservation and acquisition of evidence. The goal is teaching the new forensics practitioner about the importance of following an appropriate methodology, being able to defend their process and of course understanding the ins and outs of it. For example it goes into issues like volatility of evidence, locard's exchange principle, securing a crime scene, how external "influences" could potentially contaminate your scene, hardware, software, putting together a lab etc. Its also a bit cheaper than some of the others.

There are other good texts/references as well, each with a different emphasis or approach to differing parts of the whole forensics process.

I think the key to it (from a learning perspective) is to expose students to multiple information sources as well. On top of this, practical exposure (leveraging experienced practitioners with actual "real-world" experience) is also paramount to learning - much like the others have also mentioned.

Eoghan Casey's book is full on, a great text to have and would be a great reference. If you want a more practical course (where students could get a much quicker start), you may want to look for something else.

Some other titles you may want to consider using, or perhaps sub sections of them since they are more specialist texts and probably aimed at people who are more experienced, are

File System Forensic Analysis - Brian Carrier's book (2005). This gives a very good insight into the mechanics of different filesystems, hard drive operation etc. Check the write up on amazon.

Harlan Carvey's books are also a great resource. He has a few. Windows Forensic Analysis Including DVD Toolkit (2007). A great book for live response, memory analysis, registry and file analysis. The registry section is really a great resource!

Windows Forensics and Incident Recovery (2004). A good resource if investigating Windows environments is what you need. Its certainly worth a look and I started reading it a few years back when doing IR work.

Incident Response and Computer Forensics, 2nd ed (2003), Chris Prosise, Matt Pepe and Kevin Mandia. This is also a good book to teach processes and a good starting point for incident investigations.

Real Digital Forensics Computer Security and Incident Response (2005), Keith J. Jones, Richard Bejtlich and Curtis W. Rose. Some big names on the cover here, and this book really delivers. It is intense and may not be suitable for beginners in the field, but it packs a wallop! It has an accompanying DVD with a fair amount of captured data (intrusions) for the reader to actually work through as they progress through the book. This is definitely worth a look.

As a footnote, I come from a related field (ITsec and IR) so digital forensics has been a fascinating journey for me so far. The one thing I have learnt which my other field didn't emphasise too much is how "precious" digital evidence can be and the steps you need to follow not to "contaminate" evidence during any investigation.

I hope some of this helps!

ReplyQuote
Posted : 08/12/2008 11:12 am
gtorgersen
(@gtorgersen)
Member

I also think that you must distinguish between IR (Incident Response) and other forms of computer forensic

Gary Torgersen
Document SOlutions, Inc

ReplyQuote
Posted : 09/12/2008 7:56 am
Bako
 Bako
(@bako)
New Member

Gary,

That is very true. There is perhaps some bias there in the list, however the first book (Brown) is a good foundational one.

Cheers.

ReplyQuote
Posted : 09/12/2008 9:58 am
zetha
(@zetha)
New Member

Ciao
One good book is Vietse Venema's "Forensic Discovery". It is available in book stores and here http//www.porcupine.org/forensics/forensic-discovery/

You will also find a crash course on TCT here http//www.porcupine.org/forensics/

Have fun
-z

ReplyQuote
Posted : 09/12/2008 1:41 pm
Bako
 Bako
(@bako)
New Member

Forensic Discovery is another excellent book!

The only thing is that its not really a beginner's book.

Cheers!

ReplyQuote
Posted : 10/12/2008 5:54 am
Share: