Features
- Cover Type: Paperback with 416 pages
- Published by: Syngress; Pap/DVD edition April 24, 2007
- Written in: English
- ISBN 10 Number: 159749156X
- ISBN 13 Number: 978-1597491563
-
Book Dimensions:
8.9 x 7 x 1.1 inches
- Weighs: 1.4 pounds
Reader Reviews
I loved Windows Forensic Analysis (WFA). It's the first five star book from Syngress I've read since early 2006. WFA delivered just what I hoped to read in a book of its size and intended audience, and my expectations were high. If your job requires investigating compromised Windows hosts, you must read WFA. Let me name three aspects of WFA that really sold me. First, the subject matter is exactly what I wanted to read. The book does not repeat basic or fundamental material you can (and should) read elsewhere, like working "crime scenes," hard drive image acquisition, and the like. I recommend the recent book Windows Forensics by Chad Steel (4 stars) as a great first book to read before WFA. The two are sufficiently different yet complementary to warrant reading both, in fact. In addition to not repeating material, WFA covers very recent (late 2006, early 2007) activity in Windows forensics that are not addressed by other books. The chapter on Windows memory analysis (ch 3) was even better than the Registry chapter that everyone likes. WFA cites plenty of outside sources in a way that doesn't confuse the reader and enriches the learning process. Second, WFA introduces a vast number of tools to help investigators implement the concepts author Harlan Carvey explains. Many of the tools are Harlan's own work and are included on the book's DVD. The DVD even contains movies showing how to use some of the tools, like Harlan's Forensic Server Project. Many tools that were new to me appear in the book, but well-known commercial suites like EnCase do not. This is great; if you want to know EnCase, read the (3 star) book on it I reviewed last year. I intend to integrate many of these tools into my own CIRT's response processes. Third, Harlan brings a lot of experience to WFA. He cites plenty of examples and niche topics that I haven't seen elsewhere. I had never heard of using multiple OLE streams to hide entire Word files in Excel spreadsheets and vice-versa. Better yet, Harlan describes how to find these techniques, along with other issues like alternate data streams. Many times multiple ways to approach a problem appear in WFA. Furthermore, Harlan continuously emphasizes implementing repeatable, automated processes to improve the accuracy and scalability of forensic investigations. There really is no excuse to not read WFA. I think it would be interesting to try some of Harlan's tools and techniques on the images and evidence collected by myself and my Real Digital Forensics co-authors Keith Jones and Curtis Rose. Bravo to Harlan for writing WFA.
Comment | |
(Report this)
Search for books at
