Forensics Books

MagicBeanDip.com

Windows Forensic Analysis Including DVD Toolkit

Harlan Carvey

Amazon Price: $41.96
List Price: $59.95
Usually ships in 24 hours
By: Syngress
Amazon Marketplace: 36 new & used starting at $41.95

Customer Reviews:
Total reviews: 11 Average rating: 5.0 of 5

Taking Windows Analysis to the Next Step... 5 out of 5 stars.
5 of 5 people found this review helpful.

Harlan poured his clear love of incident response and of the forensic profession into this book. Windows Forensic Analysis dives into many exceptional topics that are routinely overlooked in similar material. The entire book covers many novel analysis techniques and topics; the registry analysis chapter and the file analysis chapter discuss many detailed artifacts and areas of examination during forensics that, up until this was published, were only discussed deep inside forensic circles or discovered through hard-earned on-the-ground experience. The book's only drawback is that it covers too many topics and the chapters do not flow together as well as I would have hoped. A single chapter is excellent, but in many cases it doesn't lead you to the next one. I also found that the entire book could have been written on just registry forensics. However, in order to create broad appeal, the registry section was probably shortened. You can tell Harlan has a lot more to tell. Finally, the CDROM companion could have had more polish to the file layout, as finding some of the tools is slightly confusing upon initial glance. Even with these minor drawbacks, the information in each chapter is phenomenal. I recommend this book to anyone looking to advance their understanding of the Windows analysis environment.

Editorial Review:

The only book available on the market that addresses and discusses in-depth forensic analysis of Windows systems. Windows Forensic Analysis DVD Toolkit takes the reader to a whole new, undiscovered level of forensic analysis for Windows systems, providing unique information and resources not available anywhere else. This book covers both live and post-mortem response collection and analysis methodologies, addressing material that is applicable to law enforcement, the federal government, students, and consultants. This book also brings this material to the doorstep of system administrators, who are often the front line troops when an incident occurs, but due to staffing and budgets do not have the necessary knowledge to effectively respond. The companion DVD for the book contains significant, unique materials (movies, spreadsheet, code, etc.) not available any place else, as they were created by the author.

Malware Forensics: Investigating and Analyzing Malicious Code

Cameron H. Malin, Eoghan Casey, James M. Aquilina

Amazon Price: $48.96
List Price: $69.95
Usually ships in 24 hours
By: Syngress
Amazon Marketplace: 35 new & used starting at $48.96

Customer Reviews:
Total reviews: 10 Average rating: 5.0 of 5

Editorial Review:

Malware Forensics: Investigating and Analyzing Malicious Code covers the emerging and evolving field of "live forensics," where investigators examine a computer system to collect and preserve critical live data that may be lost if the system is shut down. Unlike other forensic texts that discuss "live forensics" on a particular operating system, or in a generic context, this book emphasizes a live forensics and evidence collection methodology on both Windows and Linux operating systems in the context of identifying and capturing malicious code and evidence of its effect on the compromised system.
Malware Forensics: Investigating and Analyzing Malicious Code also devotes extensive coverage to the burgeoning forensic field of physical and process memory analysis on both Windows and Linux platforms. This book provides clear and concise guidance as to how to forensically capture and examine physical and process memory as a key investigative step in malicious code forensics.
Prior to this book, competing texts have described malicious code, accounted for its evolutionary history, and in some instances, dedicated a mere chapter or two to analyzing malicious code. Conversely, Malware Forensics: Investigating and Analyzing Malicious Code emphasizes the practical "how-to" aspect of malicious code investigation, giving deep coverage on the design of a malicious code analysis lab, the tools and techniques of conducting runtime behavioral malware analysis (such as file, registry, network and port monitoring) and static code analysis (such as file identification and profiling, strings discovery, armoring/packing detection, disassembling, debugging), and more.
After learning the tools and techniques covered in the book's earlier chapters, the final chapters of Malware Forensics: Investigating and Analyzing Malicious Code focus on using honeypots to collect malicious code in the wild and conducting technical profiling and threat assessment based upon malicious code analysis findings.

* Authors have investigated and prosecuted federal malware cases, which allows them to provide unparalleled insight to the reader.
* First book to detail how to perform "live forensic" techniques on malicious code.
* Companion Web site provides working code for analysis.
* In addition to the technical topics discussed, this book also offers critical legal considerations addressing the legal ramifications and requirements governing the subject matter.

EnCase Computer Forensics, includes DVD: The Official EnCE: EnCase Certified Examiner Study Guide

Steve Bunting

Amazon Price: $44.09
List Price: $69.99
Usually ships in 24 hours
By: Sybex
Amazon Marketplace: 45 new & used starting at $35.19

Customer Reviews:
Total reviews: 16 Average rating: 4.0 of 5

A must have 5 out of 5 stars.
0 of 0 people found this review helpful.

This book is not for beginners in the IT world, but you will need it in the long run.

Second edition of book; first edition reviews 4 out of 5 stars.
0 of 0 people found this review helpful.

The first edition is a great book, but this item is the SECOND EDITION.
Hopefully, reviews of Ed.2 will soon be included (and discernible)
in the Amazon reviews.

encase 4 out of 5 stars.
0 of 0 people found this review helpful.

I'm taking Computer Forensics. Just what I needed. And it's in great condition.

Don't buy until the demo software is fixed 1 out of 5 stars.
0 of 0 people found this review helpful.

The author was not able to preview any of his exercises on the demo version of the software prior to publication. Most exercises simply don't work with the enclosed software. He wrote all of the exercises on licensed versions of EnCase. If you have a licensed version of EnCase, this book is great.

If you are dependent on the demo software do not buy this book until the publisher comes out with a fixed version of the demo software. Be careful on the Wiley web site as there is a fixed version 5 already there for Edition 1 of the book. Make sure that it is version 6, to reflect edition 2.

Other than the demo software, it's a good book. Some of my students complain about the labs being a little hard to follow.

Editorial Review:

EnCE certification tells the world that you've not only mastered the use of EnCase Forensic Software, but also that you have acquired the in-depth forensics knowledge and techniques you need to conduct complex computer examinations. This official study guide, written by a law enforcement professional who is an expert in EnCE and computer forensics, provides the complete instruction, advanced testing software, and solid techniques you need to prepare for the exam.

File System Forensic Analysis

Brian Carrier

Amazon Price: $37.79
List Price: $59.99
Usually ships in 24 hours
By: Addison-Wesley Professional
Amazon Marketplace: 62 new & used starting at $32.15

Customer Reviews:
Total reviews: 24 Average rating: 5.0 of 5

The bible for File System Forensics 5 out of 5 stars.
2 of 3 people found this review helpful.

Great Book. Great job Brian. A must have in your bookshelf if you are serious about computer forensics.
It only lacks two things to be perfect: ReiserFS and HFS+ sections.

Only an error. GPT partition schema isn't used only in big servers. New Intel Macintoshes use it by default for their boot drive.

Fantastic 5 out of 5 stars.
1 of 1 people found this review helpful.

I've been in IT for over 25 years, and in that time I've read a lot of technical books. "File System Forensic Analysis" is not only the best book I have read on computer forensics, it's probably the best technical work in ANY field I've ever read. It's thoroughly researched, clearly written, and contains virtually no fluff. The numerous rave reviews it has received are well-deserved.

My only quibble is the short, but seemingly gratuitous section on hexadecimal and decimal arithmetic. If you're ready for this book, you'll already know this stuff. But, that's only a few pages in a book that's otherwise packed with real substance.

Editorial Review:

This is an advanced cookbook and reference guide for digital forensic practitioners. File System Forensic Analysis focuses on the file system and disk. The file system of a computer is where most files are stored and where most evidence is found; it is also the most technically challenging part of forensic analysis. This book offers an overview and detailed knowledge of the file system and disk layout. The overview will allow an investigator to more easily find evidence, recover deleted data, and validate his tools. The cookbook section will show how to use the many open source tools for analysis, many of which Brian Carrier has developed himself.

Computer Forensics For Dummies (For Dummies (Computer/Tech))

Linda Volonino, Reynaldo Anzaldua

Amazon Price: $19.79
List Price: $29.99
Usually ships in 24 hours
By: For Dummies
Amazon Marketplace: 44 new & used starting at $14.95

Customer Reviews:
Total reviews: 3 Average rating: 5.0 of 5

Editorial Review:

Uncover a digital trail of e-evidence by using the helpful, easy-to-understand information in Computer Forensics For Dummies! Professional and armchair investigators alike can learn the basics of computer forensics, from digging out electronic evidence to solving the case. You won’t need a computer science degree to master e-discovery. Find and filter data in mobile devices, e-mail, and other Web-based technologies.

You’ll learn all about e-mail and Web-based forensics, mobile forensics, passwords and encryption, and other e-evidence found through VoIP, voicemail, legacy mainframes, and databases. You’ll discover how to use the latest forensic software, tools, and equipment to find the answers that you’re looking for in record time. When you understand how data is stored, encrypted, and recovered, you’ll be able to protect your personal privacy as well. By the time you finish reading this book, you’ll know how to:

  • Prepare for and conduct computer forensics investigations
  • Find and filter data
  • Protect personal privacy
  • Transfer evidence without contaminating it
  • Anticipate legal loopholes and opponents’ methods
  • Handle passwords and encrypted data
  • Work with the courts and win the case

Plus, Computer Forensics for Dummies includes lists of things that everyone interested in computer forensics should know, do, and build. Discover how to get qualified for a career in computer forensics, what to do to be a great investigator and expert witness, and how to build a forensics lab or toolkit.

Computer Forensics JumpStart (Jumpstart (Sybex))

Michael Solomon, Neil Broom, Diane Barrett

Amazon Price: $19.79
List Price: $29.99
Usually ships in 24 hours
By: Wiley
Amazon Marketplace: 45 new & used starting at $12.68

Customer Reviews:
Total reviews: 4 Average rating: 4.5 of 5

This is an eye opening book!! 4 out of 5 stars.
12 of 16 people found this review helpful.

The book I chose to review was a book on Computer Forensics. Computer Forensics is a very helpful, easy-to-read book on investigative techniques for corporate managers or law enforcement. Unauthorized Internet access for employees could potentially grow into a festering tumor for many employers. This book details how someone with basic computer skills could investigate a workstation to see if anything malicious has been occurring.
The authors do a splendid job of offering real work examples to show the damage of inappropriate access and use by certain individuals. The use of the Internet and emails as a method of destruction is particularly alarming. Criminals and people with a penchant for malice are using emerging and established forms of communication to pervert the original intent of creators. The examples give snapshots into the complexity of the world of 21st century crimes.
The book does go into detail about fraud on web-based commerce. Things such as eBay and bargain shopping web sites seem noticeably missed in the context of crimes committed. The interesting example they use is the theft of website design from one website. Criminals could then use such designs to their own professional credit. It proceeds to tell the audience how to retrace the computer footprints to determine if designs were stolen.
It surveys overall Internet issues such as domain name services and email servers. The subject matter is daunting to say the least, but the authors keep an individual grounded in the fact they are a beginner. It gives the feel of becoming a modern Dick Tracy or Sam Spade. The section also covers encrypted passwords, which are becoming more commonplace due to online commerce.
My main criticism would be the overall simplicity the authors present when entering such a field. It almost smacks of snake oil salesmen bartering cure-alls. The work seems admirable but a very vast field, which encompasses everything from the intellectual property rights of web designers to human resource managers keeping tabs on company employees. Other than those points, I would say this is a must read for anyone who plans to enter businesses, which conduct online-based exchanges of information or capital. It was a real experience to discover the depth of emerging criminal conduct with technology.

Editorial Review:

At the heart of modern corporate crime and counter-terrorism investigations, computer forensics is now the fastest growing segment of IT and law enforcement. For everyone curious about this hot field, here is an in-depth introduction to the technological, social, and political issues at hand. Sybex’s JumpStart approach is ideal for those interested in computer forensics but not yet sure what it’s all about. It offers a complete overview of the basic skills and available certifications that can help to launch a new career.

Mastering Windows Network Forensics and Investigation (Mastering)

Steven Anson, Steve Bunting

Amazon Price: $37.79
List Price: $59.99
Usually ships in 2 to 4 weeks
By: Sybex
Amazon Marketplace: 37 new & used starting at $20.97

Customer Reviews:
Total reviews: 6 Average rating: 5.0 of 5

It's refreshing to finally be part of the "target audience" 5 out of 5 stars.
5 of 5 people found this review helpful.

As a law enforcement officer, I've often found myself frustrated by books that cover incident response, but never discuss law enforcement involvement, except as an afterthought. While I understand that it's important for corporate and internal investigators to have this type of information, it's refreshing to find a book that talks about the law enforcement response to a computer crime incident.

I've had the privilege of attending classes instructed by both of these authors. One of the things that impressed me about their classes is that they were able to break down complicated technical concepts into terms that cops can understand. They continue to do that in this book.

Computer crime investigators need to add this book to their libraries. I'd say it's a must have.

Editorial Review:

This comprehensive guide provides you with the training you need to arm yourself against phishing, bank fraud, unlawful hacking, and other computer crimes. Two seasoned law enforcement professionals discuss everything from recognizing high-tech criminal activity and collecting evidence to presenting it in a way that judges and juries can understand. They cover the range of skills, standards, and step-by-step procedures you’ll need to conduct a criminal investigation in a Windows environment and make your evidence stand up in court.

iPhone Forensics: Recovering Evidence, Personal Data, and Corporate Assets

Jonathan Zdziarski

Amazon Price: $26.39
List Price: $39.99
Usually ships in 24 hours
By: O'Reilly Media, Inc.
Amazon Marketplace: 47 new & used starting at $18.58

Customer Reviews:
Total reviews: 4 Average rating: 3.5 of 5

Editorial Review:

"This book is a must for anyone attempting to examine the iPhone. The level of forensic detail is excellent. If only all guides to forensics were written with this clarity!" -Andrew Sheldon, Director of Evidence Talks, computer forensics experts

With iPhone use increasing in business networks, IT and security professionals face a serious challenge: these devices store an enormous amount of information. If your staff conducts business with an iPhone, you need to know how to recover, analyze, and securely destroy sensitive data. iPhone Forensics supplies the knowledge necessary to conduct complete and highly specialized forensic analysis of the iPhone, iPhone 3G, and iPod Touch. This book helps you:

  • Determine what type of data is stored on the device
  • Break v1.x and v2.x passcode-protected iPhones to gain access to the device
  • Build a custom recovery toolkit for the iPhone
  • Interrupt iPhone 3G's "secure wipe" process
  • Conduct data recovery of a v1.x and v2.x iPhone user disk partition, and preserve and recover the entire raw user disk partition
  • Recover deleted voicemail, images, email, and other personal data, using data carving techniques
  • Recover geotagged metadata from camera photos
  • Discover Google map lookups, typing cache, and other data stored on the live file system
  • Extract contact information from the iPhone's database
  • Use different recovery strategies based on case needs

And more. iPhone Forensics includes techniques used by more than 200 law enforcement agencies worldwide, and is a must-have for any corporate compliance and disaster recovery plan.

Real Digital Forensics: Computer Security and Incident Response

Keith J. Jones, Richard Bejtlich, Curtis W. Rose

Amazon Price: $37.79
List Price: $59.99
Usually ships in 24 hours
By: Addison-Wesley Professional
Amazon Marketplace: 41 new & used starting at $34.15

Customer Reviews:
Total reviews: 8 Average rating: 5.0 of 5

Editorial Review:

You can't succeed in the field of computer forensics without hands-on practice--and you can't get hands-on practice without real forensic data. The solution: Real Digital Forensics. In this book, a team of world-class computer forensics experts walks you through six detailed, highly realistic investigations and provides a DVD with all the data you need to follow along and practice. From binary memory dumps to log files, this DVD's intrusion data was generated by attacking live systems using the same tools and methods real-world attackers use. The evidence was then captured and analyzed using the same tools the authors employ in their own investigations. This book relies heavily on open source tools, so you can perform virtually every task without investing in any commercial software. You'll investigate environments ranging from financial institutions to software companies and crimes ranging from intellectual property theft to SEC violations. As you move step by step through each investigation, you'll discover practical techniques for overcoming the challenges forensics professionals face most often.

Inside, you will find in-depth information on the following areas:

* Responding to live incidents in both Windows and Unix environments
* Determining whether an attack has actually occurred
* Assembling a toolkit you can take to the scene of a computer-related crime
* Analyzing volatile data, nonvolatile data, and files of unknown origin
* Safely performing and documenting forensic duplications
* Collecting and analyzing network-based evidence in Windows and Unix environments
* Reconstructing Web browsing, e-mail activity, and Windows Registry changes
* Tracing domain name ownership and the source of e-mails
* Duplicating and analyzing the contents of PDAs and flash memory devices

The accompanying DVD contains several gigabytes of compressed data generated from actual intrusions. This data mirrors what analysts might find in real investigations and allows the reader to learn about forensic investigations in a realistic setting. © Copyright Pearson Education. All rights reserved.

Guide to Computer Forensics and Investigations, Third Edition

Bill Nelson, Amelia Phillips, Frank Enfinger, Christopher Steuart

Amazon Price: $61.71
List Price: $97.95
Usually ships in 24 hours
By: Course Technology
Amazon Marketplace: 75 new & used starting at $50.00

Customer Reviews:
Total reviews: 8 Average rating: 2.0 of 5

Do not buy this book used! You won't be able to use the CD 1 out of 5 stars.
17 of 21 people found this review helpful.

This book represents the core of what is wrong with corporate America today. This book is packaged with a CD that has software on it used throughout the book. What they don't tell you anywhere is that you must register the software using a unique and one time only coupon in the cd pouch. Furthermore the software then expires in 120 days. To not mention this limitation that basically makes the book useless for resale is very deceitful on the part of the publisher and the company that supplied the software. Never have I seen such B.S. before as this when it comes for games that publishers play!!! THIS INFORMATION SHOULD HAVE BEEN IN BIG BOLD LETTERS -- YOU CANNOT RESELL THIS BOOK DUE TO THE ONE-TIME USE OF THE ENCLOSED CD SOFTWARE --

Editorial Review:

Master the skills necessary to launch and complete a successful computer investigation with the updated edition of this highly successful book, Guide to Computer Forensics and Investigations. This text will teach readers how to conduct a high-tech investigation, from acquiring digital evidence to reporting its findings. Coverage includes how to set up a forensics lab, how to acquire the proper and necessary tools, and how to conduct the investigation and subsequent digital analysis. The comprehensive coverage and detailed know-how led to the book being listed as recommended reading by the FBI Forensics Communications the United States Certified reading room. The book features free downloads of the latest forensic software, so students become familiar with the tools of the trade.
