Do you know any good books?

meh

File System Forensic Analysis, from Carrier.
Windows Forensic Analysis, from Carvey.

Thanks, I have a look at these.

Cheers

Speaking about yourself in the 3rd person there Mr Carvey? Next you'll be using the "royal we". P

Harlan's book (WFA) is good however in the interest of full disclosure to a new member he should probably have informed you that he's recommending his own book.

Carrier's book is also excellent, however I know of a couple of occasions where some of his assertions on file systems aren't supported by testing. These are generally very minor issues however like the exact time when the sequence number on an MFT record is updated when you delete a file and a new file is placed in that record.

Thanks for the info. Also had a bit of a laugh to myself there … recommending ones own book. Fair play, might actually have to pick it up now!

Thanks for the info again.

Much appreciated,

Craig

What is the need for saying that?

Yes he is recommending his own book, so what. Since you are into being so correct on what people say. The OP said

"I am hopefully going to have some time off soon, so I am looking to know if you guys have any good books (forensic based) I could read while I am off."

He didn't say if you are recommending a book, please let me know if you wrote it, by most everyone's account when looking for a book on CF those 2 books will be in the top 5.

Speaking about yourself in the 3rd person there Mr Carvey? Next you'll be using the "royal we". P

Harlan's book (WFA) is good however in the interest of full disclosure to a new member he should probably have informed you that he's recommending his own book.

Carrier's book is also excellent, however I know of a couple of occasions where some of his assertions on file systems aren't supported by testing. These are generally very minor issues however like the exact time when the sequence number on an MFT record is updated when you delete a file and a new file is placed in that record.

hehehe - I think those comments were tongue-in-cheek….

Nevertheless…. as many times as we mention and reference Brian and Harlan's books around here and in our jobs… they can mention their names in 1st, 2nd, 3rd or nth person… Frankly, my dear - I don't give a damn! *insert cheesy grin here*

Have a safe weekend, all!
-=ART=-

@forensicakb - I thought we'd been over this before? Leave the moderating to me.

In answer to the question, though, it's simply good form to disclose your association with anything you recommend. I'm guessing most people understand that.

Jamie

What is the need for saying that?

Yes he is recommending his own book, so what. Since you are into being so correct on what people say. The OP said

"I am hopefully going to have some time off soon, so I am looking to know if you guys have any good books (forensic based) I could read while I am off."

He didn't say if you are recommending a book, please let me know if you wrote it, by most everyone's account when looking for a book on CF those 2 books will be in the top 5.

I think it's reasonable that if someone is recommending their own product that they should make it clear that they are recommeding their own product.

This is not taking anything away from Harlan's book, which is good.

Have a nice weekend.

Jonathan

Let me throw this out there….

For a new member who does not know who Harlan is or anything about his book, it may come across as a little egotistical. Not to speak for Harlan but I am willing to consider that this was done in the interest of modesty and not as a omission of full disclosure.

Would it be better for a new member to see a post from "KeyDet" that says something like… read FSFA by Carrier and WFA by Carvey (we all agree on the value of those books so its not like either would be recommending a book that we consider invaluable)

OR

Read FSFA by Carrier and read WFA by me.

The points on full disclosure are well taken… No arguments being made against what others have written.

I'm just sayin…