Forensic Related Books
I've just spent the past three months working in LE for my industrial placement. I spent the majority of my time in the HTCU recovering and examining data from mobile devices. This was great as I hadn't touched upon mobile forensics in my University degree. However, as I haven't touched computer forensics for a while, I feel a bit out of sync.
Could anyone recommend a computer forensic book? I'm aware computer forensics is a broad subject in itself (networking, hard-disk recovery, etc.) but I have yet to focus on one specific forensic area - so I'm open to ideas.
The Basics of Digital Forensics
By John Sammons
Pub. Date August 1, 2011
Print ISBN-13 978-1-59749-661-2
Web ISBN-13 978-1-59749-662-9
This is not a bad starter.
It can be found online at http://my.safaribooksonline.com
Brian Carrier's File System Forensic Analysis
Harlan Carvey's Windows Forensic Analysis
Farmer and Venema's Forensic Discovery
Could anyone recommend a computer forensic book? I'm aware computer forensics is a broad subject in itself (networking, hard-disk recovery, etc.) …
Sammes & Jenkinson's book Forensic Computing: A Practitioner's Guide
Computer forensics is more of an attitude towards a subject (computers and IT and stuff). Most books you find will give you fairly little of the 'forensic' mindset: you'll usually get answers to questions that rarely are well or even adequately expressed. (I believe that partly is because the basic forensic questions are asked by lawyers or their nearest corporate equivalents – questions that bear on intent, liability, gradations of doubt/certainty … 'legal' questions on just what is 'true' in some particular case … and even admissible as evidence of truth. So the basic literature should probably come from that side of the street, or from the corporate world's closest approximation of it.)
The 'forensic' part is fairly general, I believe – you can apply it to just about any subject.
I can't recommend any 'forensic' books – that will be specific for the jurisdiction(s) you work in. It's not likely to be the one where I work.
The 'computer' part is quite specific. (Much of what goes under the name of 'computer forensics' these days went under the name of 'hacking' twenty years ago – thorough knowledge of the details of how a piece of hardware or software works. That in itself is not 'forensic', but the foundation that must be there.) The particular parts of interest are those that bear on the legal questions already mentioned, how you identify them, and interpret them.
The book I recommended …
It does start from beginnings, and it does go mainly into computer related stuff, but … many practitioners do not have that background. And you have to be able to actually, I am convinced that a good 'computer forensic' practitioner needs some kind of thorough IT education as background (or nearest approximation to it) – just as a forensic pathologist needs to be a physician, not someone who just happened to learn a bit of medicine.
So anything on the workings of computers, operating systems and application software will be 'forensic' if you approach it with your forensic hat on. For something like disk encryption, you probably want the manufacturer's courses for administrators – you need to know how the thing works, what to do when it doesn't work, and what the standard tools are. There are no 'computer forensic' books on that. Much the same thing with application software – if you are to investigate email from an Exchange environment, it will almost certainly help if you know Exchange as an Exchange administrator knows it. And so on.
Just completed my MSc in Computer Forensics, so I have developed a mini-library of forensic books :) Here's a few of the books I went back to time and again:
Brian Carrier - File System Forensic Analysis - The core book for any forensic library. Explains the computer file system at a low-level, which gives you a huge insight into the file system at the hex/binary level.
Venema & Farmer - Forensic Discovery - a great beginning overview of computer forensics.
Jones, Bejtlich, Rose - Real Digital Forensics - Another great all rounder book. Has a great section on analysing unknown programs (stack analysis etc)
Harlan Carvey - Windows Forensics and Incident Recovery - focuses on Windows forensics (duh). Really points out what to look for on a Windows system during an examination. Great section on Perl for Windows - the forensicator's language of choice :)
Altheide, Carvey - Digital Forensics with Open Source Tools - does what it says on the tin. If you haven't shelled out for EnCase/FTK, this provides you with the alternative tools to do the job (it also doesn't hurt to have alternatives anyway!)
Eoghan Casey - Handbook of Digital Forensics and Investigation - Gives a good introduction to Windows, Linux and Mac forensics, as well as mobile forensics. Good section on methodology as well.
Specifically looking at mobile forensics, there's:
Andrew Hoog - Android Forensics
Hoog, Strzempka - iPhone and iOS Forensics
Jonathan Zdziarski - iPhone Forensics
There's also a wealth of information on the authors' blogs - much of it updating/improving on material in the books. But as athulin says, there's no "catch all" book - many of the ones above offer a broad overview, but if you want to focus on a subject, you're probably better off going online and reading white papers, blogs etc to get the more specific information.
Cheers all. Great responses as always!
I am convinced that a good 'computer forensic' practitioner needs some kind of thorough IT education as background (or nearest approximation to it) – just as a forensic pathologist needs to be a physician, not someone who just happened to learn a bit of medicine.
I would also recommend "The Cuckoo's Egg" by Cliff Stoll.