I’m still working toward putting together a standalone, one-button-push WinFE creation with some great helpers, but I haven’t had the time to fully focus on it to make sure I get it working smoothly. But I plan to have something done within the next month so that anyone will be able to build their own customized WinFE with the least amount of hassle. Stay tuned…I’m pounding away at the keyboard to get to it.
On another note with book stuff, the X-Ways Forensics Practitioner’s Guide written by Eric Zimmerman and myself is available on Kindle today. The printed edition is coming very soon, but if you want to have it in your hands in less than a minute, click here and order the Kindle version: X-Ways Forensics Practitioner’s Guide
This is my second book, with my first being Placing the Suspect Behind the Keyboard. The XWF Guide is much more technical than my first book, with good reason. Placing the Suspect Behind the Keyboard goes beyond technical details and gives an overall perspective of high-tech investigations. This includes the computer forensics analysis, but also includes GPS intelligence, online social networking investigations, cell phone analysis, report writing, case management, and case presentation. I wrote this book for those new to the field to start out on the right track and for those analysts who have buried themselves deep into their monitor to go back to thinking outside the (CPU) box. If for nothing else, this book will give you plenty of information to pin the suspect to the computer (or cell phone) with enough circumstantial evidence to choke the defense. And in that light, it also gives information to prevent placing the wrong person at the keyboard, which is even more important! After all, although the data is what the data is, you are uncovering the truth and not forcing your beliefs into a case.
I also want to give my two cents on some other really good books that I refer to on a regular basis. I believe these should be part of every examiner’s desk reference. This is only “Brett’s Review,” so take it for what it’s worth.
Digital Forensics with Open Source Tools by Cory Altheide and Harlan Carvey. If you do this work long enough, you’ll find that you just can’t afford every tool in existence, and for the tools you use, they don’t always do what you want. This is a great book on using open source tools. If you don’t use open source, you are really missing out on some great stuff. I am a huge fan of open source tools, with RegRipper being one of these useful utilities.
Windows Registry Forensics by Harlan Carvey. I cannot imagine any forensic examiner NOT having this book already. This is one of those books where you say, “Of course I have that book, don’t you?”. Harlan also writes like a person talks, as if the book is written specifically for the reader to get it. Easy to understand, to the point, and practical. I kinda like no-nonsense and get-to-the-point books…
Windows Forensic Analysis Toolkit 3E by Harlan Carvey. Again, another book that I cannot imagine not being on your desk already. I also can’t wait for WFA/4E to be published…hint, be bery bery quiet…Harlan is working on it right now…
File System Forensic Analysis by Brian Carrier. Some books never go out of style and this is one of those books. This is also one of those books that should have been written years before it was eventually written, mostly because I could have really used it when first starting out in forensics rather than beating my head against the desk.
I have a LOT more, but these are my main books that are always within arm’s reach, dog-eared, highlighted, written on, referenced constantly, and used as refreshers all the time. I figure that if you are going to order a book, pick a few good ones at the same time. But then again, I assume you have all of these already because I don’t know how I could have done without them.
Now…it’s back to work to get your WinFE up and running.
**Update on books**
My first book, “Placing the Suspect Behind the Keyboard,” is on sale at half price from the publisher until Sept 22. Maybe a good time to take advantage of the sale.