Real Digital Forensics is a wonderful teaching tool for forensics geeks of all skill levels. For a beginner, the book addresses many types of forensic situations you may encounter, including live response forensics on both Windows and Unix, forensic imaging, online-based forensics, and mobile device analysis. For the advanced user, there is a plethora of cool tools, many of which you may not have heard of before.
The book also discusses techniques for some of the more complicated forensic processes, covers email reconstruction, and devotes a few chapters to binary analysis. I appreciated these chapters the most because of the specific processes that were outlined and the tools that were described. I am a big fan of books that can help you apply examples to your own processes, something this book does very well.
Some of my favorite highlights included the walkthrough of dumping memory from a running process on Windows with Microsoft's userdump tool. There's also an excellent discussion of the types of data that can be collected from the network and how to collect them. It's brief, but it summarizes the major issues nicely (e.g., whether to place the sensor on a SPAN port, on a network tap, or inline, a question often debated for intrusion detection systems; see Chapter 3).
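The userdump walkthrough is Windows-specific. As an added example that is not from the book (and has nothing to do with Microsoft's tool), here is the same idea on Linux: read /proc/<pid>/maps for the list of regions, copy every readable one out of /proc/<pid>/mem, and keep an index so an offset found in the image can be mapped back to a virtual address. The use of /proc, the file names, and the marker that self_test() plants in its own heap are all this example's own assumptions.

```python
"""Dump the readable memory of a live process through /proc (Linux).

Added example, not code from the book. /proc/<pid>/maps lists the mappings and
/proc/<pid>/mem exposes their contents. Reading another process needs ptrace
permission (root or CAP_SYS_PTRACE, subject to Yama's ptrace_scope); reading
your own process needs none, which is what self_test() relies on.
"""
import os
import re
import tempfile

# One line of /proc/<pid>/maps: "start-end perms offset dev inode [path]"
MAPS_RE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) (\S{4}) \S+ \S+ \S+\s*(.*)$")

# Kernel pseudo-mappings that cannot be read back through /proc/<pid>/mem.
SKIP_PATHS = {"[vvar]", "[vsyscall]"}


def readable_regions(pid):
    """Yield (start, end, path) for every readable mapping of pid."""
    with open(f"/proc/{pid}/maps") as maps:
        for line in maps:
            m = MAPS_RE.match(line.rstrip("\n"))
            if not m:
                continue
            start, end = int(m.group(1), 16), int(m.group(2), 16)
            perms, path = m.group(3), m.group(4)
            if perms[0] != "r" or path in SKIP_PATHS:
                continue
            yield start, end, path


def _read_exact(f, size):
    """Read up to size bytes, looping over short reads."""
    chunks, remaining = [], size
    while remaining > 0:
        chunk = f.read(remaining)
        if not chunk:
            break
        chunks.append(chunk)
        remaining -= len(chunk)
    return b"".join(chunks)


def dump_process(pid, out_path):
    """Copy every readable region of pid into out_path.

    Returns an index of (start, end, path, file_offset) entries, where end is
    start plus the bytes actually captured; keep it next to the image so an
    offset found later can be mapped back to a virtual address.
    """
    index = []
    with open(f"/proc/{pid}/mem", "rb", 0) as mem, open(out_path, "wb") as out:
        for start, end, path in readable_regions(pid):
            try:
                mem.seek(start)
                data = _read_exact(mem, end - start)
            except (OSError, OverflowError, ValueError):
                continue  # region went away or is not readable via /proc
            if data:
                index.append((start, start + len(data), path, out.tell()))
                out.write(data)
    return index


def find_in_dump(dump_path, needle):
    """Return the offset of the first occurrence of needle in the dump, or -1."""
    with open(dump_path, "rb") as f:
        return f.read().find(needle)


def offset_to_address(index, offset):
    """Translate a dump file offset back to the virtual address it came from."""
    for start, end, _path, file_offset in index:
        if file_offset <= offset < file_offset + (end - start):
            return start + (offset - file_offset)
    return None


def self_test():
    """Plant a marker in our own heap, dump ourselves, and find it again."""
    marker = b"RDF-MARKER-" + os.urandom(8).hex().encode()  # constructed sample data
    fd, path = tempfile.mkstemp(suffix=".dump")
    os.close(fd)
    try:
        index = dump_process(os.getpid(), path)
        offset = find_in_dump(path, marker)
        address = offset_to_address(index, offset) if offset >= 0 else None
        return offset >= 0 and address is not None
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print("marker recovered from own memory dump:", self_test())
```

The index is the part people forget: a raw image of concatenated regions is useless for anything beyond string searching unless you can say which address a hit came from. In a real response you would also record the time, the pid's command line and the hash of the resulting image alongside it.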
The book includes case studies that use the tools, many of which are included on an accompanying DVD. It's helpful to see the images and binary files with the tools in action. The book has a nice balance of "here's how you do it" and "now go try it yourself". It's tough to find learning material organized and presented as well as it is here.
There is also a helpful chapter on what needs to go into your own response toolkit for both Windows and Unix live response, as well as what duplication tools you may need. Further, it explains how to have the tools prepared to go into action when you actually need them, so that you don't have to struggle with setting them up on the fly. There is even a chapter on how to make your own bootable CD with your own customized forensic environment.
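As an added example that is not from the book: one way to keep a prepared toolkit trustworthy between the workstation where you assembled it and the host where you run it is a hash manifest, built once on the trusted side and re-checked before anything in the kit is executed. The directory layout (a tools/ subdirectory), the manifest name MANIFEST.sha256 and the stand-in tool files in self_test() are assumptions of this example.

```python
"""Build and verify a hash manifest for a prepared response toolkit.

Added example, not code from the book. On a trusted workstation, hash every
file in the kit once and record the manifest; on the suspect host, re-hash
before use and refuse to trust anything that is missing or changed. The
manifest uses the "digest  relative/path" layout that sha256sum -c reads.
"""
import hashlib
import os
import tempfile


def sha256_file(path):
    """Hash a file in chunks so large binaries and images need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(toolkit_dir, manifest_path):
    """Write one 'digest  relative/path' line per file under toolkit_dir."""
    entries = {}
    for root, _dirs, files in os.walk(toolkit_dir):
        for name in files:
            full = os.path.join(root, name)
            if os.path.abspath(full) == os.path.abspath(manifest_path):
                continue  # never hash the manifest into itself on a rebuild
            rel = os.path.relpath(full, toolkit_dir).replace(os.sep, "/")
            entries[rel] = sha256_file(full)
    with open(manifest_path, "w") as out:
        for rel in sorted(entries):
            out.write(f"{entries[rel]}  {rel}\n")
    return entries


def verify_manifest(toolkit_dir, manifest_path):
    """Re-hash everything the manifest lists; return (ok, missing, modified)."""
    missing, modified = [], []
    with open(manifest_path) as f:
        for line in f:
            line = line.rstrip("\n")
            if not line:
                continue
            digest, rel = line.split("  ", 1)
            full = os.path.join(toolkit_dir, *rel.split("/"))
            if not os.path.isfile(full):
                missing.append(rel)
            elif sha256_file(full) != digest:
                modified.append(rel)
    return (not missing and not modified), missing, modified


def self_test():
    """Constructed scenario: a two-tool kit verified clean, then tampered with."""
    with tempfile.TemporaryDirectory() as kit:
        tools = os.path.join(kit, "tools")
        os.makedirs(tools)
        # Stand-ins for the statically linked binaries a real kit would carry.
        with open(os.path.join(tools, "netstat"), "wb") as f:
            f.write(b"\x7fELF-netstat-stand-in\n")
        with open(os.path.join(tools, "lsof"), "wb") as f:
            f.write(b"\x7fELF-lsof-stand-in\n")
        manifest = os.path.join(kit, "MANIFEST.sha256")
        build_manifest(kit, manifest)
        clean = verify_manifest(kit, manifest)
        # Simulate one binary replaced and one removed from the media.
        with open(os.path.join(tools, "netstat"), "ab") as f:
            f.write(b"trojan\n")
        os.unlink(os.path.join(tools, "lsof"))
        tampered = verify_manifest(kit, manifest)
    return clean, tampered


if __name__ == "__main__":
    print(self_test())
```

Two caveats belong with this. Keep a copy of the manifest (or at least its hash) somewhere the suspect host cannot touch, and run the check from the kit's own read-only media with the kit's own interpreter or static binaries, since a compromised host's hashing tools can lie to you. The manifest proves the kit is what you packed; it says nothing about what a kernel-level rootkit on the host will hide from those tools once they run.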
If you need a book that can serve as a forensic blueprint on everything from A to Z, this is your book. It provides excellent material focusing on process and step-by-step analysis, combined with a lot of actual forensic data on which to practice.