by Chet Hosmer, Joshua Bartolomie and Rosanne Pelli
Reviewed by Scar de Courcier, Forensic Focus
Ensuring the integrity of evidence is one of the most important parts of the digital forensic investigation process, and yet, according to some reports, it is one of the most frequently overlooked in courses on the subject.
The title of Hosmer, Bartolomie & Pelli’s book is Executing Windows Command Line Investigations While Ensuring Evidentiary Integrity, and as far as I can tell it is the only book that gives a step-by-step guide to the Windows command line for DFIR practitioners.
Sensibly, the book begins with a discussion of the impact of Windows command line investigations. Not only does this set the scene for why the book’s subject is important, it also helps investigators to understand some of the situations in which command line investigations might be necessary and some of the vulnerabilities they might come across.