SANS Digital Forensics and Incident Response Blog: Tag - Book review

Book Review: Digital Forensics with Open Source Tools

I was excited awhile back to learn Digital Forensics with Open Source Tools was being written and even more pleased when I heard who its authors were. I worked almost exclusively with open source tools while beginning my foray into the digital forensics world and happily continue using them today, so I knew this book … Continue reading Book Review: Digital Forensics with Open Source Tools

Book Review: Windows Forensic Analysis

Title: Windows Forensic Analysis - DVD Toolkit 2nd Edition
Author: Harlan Carvey
Publisher: Syngress
Date of Publication: 2009
Price: $69.95 (USA)
ISBN: 978-1597494229
Reviewer: Peter Sheffield

This second edition of Harlan Carvey's excellent book on Windows Forensic Analysis is a fantastic uplift to what I'd classify as the best book I owned on Windows forensics, especially from a practitioners' perspective. This 2nd edition works on multiple levels; with practical advice and guidance for live Windows forensic analysis as well as more in depth discovery guidelines for back your work back in the lab, all augmented by real scripts and utilities that will help you retrieve valuable forensic evidence from a target machine. Chapter 4 on registry analysis is particularly strong with details on audit policy and event log analysis, wireless SSID discovery, understanding autostart, and one of my favorites, the section on how to track USB

... Continue reading Book Review: Windows Forensic Analysis