Learn Computer Forensics: A beginner's guide to searching, analyzing, and securing digital evidence
P**E
HIGHLY RECOMMENDED FOR NEWCOMERS TO DIGITAL FORENSICS
I met Bill many years ago in the Marine Corps when I was a young investigator. I’m pretty sure he recommended that I learn the basics of computer forensics back then but I didn’t listen. Here I am now about 14 years later trying to play catch up. Fortunately Bill’s writing and language is that of a cop and an experienced investigator…NOT an engineer. This book is my go-to guide in my current cybersecurity endeavor and I recently learned that university libraries carry it. HIGHLY recommended for newcomers to digital forensics.
D**S
Outstanding Book for use for Introduction to Digital Forensic Courses
This book is very well written and covers all aspects of the digital forensic process, from identification, preservation, acquisition and processing of the digital evidence. This book walks you through a digital crime scene and obstacles and planning that should be done. The chapter on Memory forensics was very clearly stated from acquiring it and processing it to the knowledge that some data will change while capturing the RAM. The book is laid out nicely to include report writing and testifying. The author covers both criminal and civil exams, mentions numerous tools from open source to vendor specific. Overall very well written and easy to follow along with the author's numerous real life examples from his years of experience.
I**.
Very Informative and Descriptive!!
I’m still reading; however, this book is amazing, with real-life examples, how-to pictorials and scenarios. A must-buy if you’re looking to get into forensics!
M**N
Easy to Read- Details the go-to artifacts
An attempt to capture the entire field of computer forensics in a single volume is a seemingly impossible task. The author does an excellent job of highlighting the most commonly used forensic artifacts in the Windows environment. In addition to covering commonly used artifacts, the author discusses the importance of and format of report writing, ethics, testifying, and digital forensic ideology. I was sold on the book after the author made the following statement, "Unfortunately, I find many students want to use a "find evidence" button, find all the artifacts, and print up a thousand-page report and call it a day. That is not digital forensics." I would replace the "students" with investigators/digital forensic analysts as I have seen this many times, especially as the paid-tools become more powerful and able to present artifacts in an easy-to-read format. As I read the line, I paused and immediately messaged another examiner with a different agency, as this sentiment is often brought up in our discussions. Paid-tools tempt practitioners to focus on single artifacts as evidence, but the author reminds the reader, "we cannot construe the mere presence of the artifact as a sign of the suspect's guilt (or innocence). The artifact needs to be placed within the context of the user and system activity." New and old forensic examiners need to remember that they are the skilled practitioner, whose job is to speak for the digital evidence. Our job is to examine the evidence as it exists and use the data found to present the truth without regard to the side of the courtroom we sit on. Through the book, the author reminds the reader that the forensic analyst role is to be a neutral evaluator of the evidence. The book provides an excellent introduction for new examiners or those looking to expand their understanding of the results provided by forensic examiners. 
The book also can be used as a high-level reference for aspects of Windows forensics that an examiner may not use every day. The author takes time to direct the reader to free tools and other resources. While he does declare his preference for one of the paid tools over others, he does explain the free tools and how they can impact the review of a variety of artifacts. I appreciate him directing the reader to outside resources, collections of data, and information that should be marked in everyone's bookmarks. I found his explanation of the thumbcache's relationship with Windows.edb to be the most concise and useful explanation of how to provide context to thumbcache databases. Thumbcache is a topic I have researched ad nauseam. As an ICAC investigator, items of interest are often found in the thumbcache databases; the ability to put a name on the image allows the image to be tied to other activities to provide context and value. There are many little nuggets of gold scattered through the book that will be of value to nearly all examiners, if for no other purpose than to provide a prewritten, easy-to-understand explanation of the artifacts. The author's experience and professionalism shine through his writing.
S**N
A “One-stop guide” for becoming a well-rounded computer forensics professional!
William Oettinger is an expert author with expert computer forensic skills, knowledge, and experience! Both complete beginners and DFIR professionals starting out will get something substantial out of this book! As a “one-stop guide”, this will definitely help readers become well-rounded computer forensic professionals. The focus of the book is on “searching, analyzing, acquiring, and securing digital evidence” - it delivers on all counts and then some in the context of a singular resource. The book is heavily focused on solid fundamentals and making sure that the reader understands the process of forensic analysis including acquisition of evidence, and relevant technical knowledge relating to how computers and networks work. In particular, the sections covering analysis of Windows artifacts, RAM memory analysis, internet artifacts, and email forensics will be particularly valuable for those just starting out or wanting to see what being a computer forensic professional entails. The inclusion of report writing is fantastic and immediately draws attention to the importance of having effective note taking and how to write reports to officially document forensic examination results. There are many case studies and real-world examples that can immediately be put to use. Everything is well-written, factually correct, and presented in an order that makes sense - credit to both Steve Whalen as the reviewer/editor and Oettinger! Last but not least, it is clear that the expert witness ethics section draws upon Oettinger’s unique combination of professional experience as a retired police officer, a computer forensic subject-matter expert, and veteran technical trainer/investigator.
P**K
Heavy but works.
I use it for my school studies.
S**.
This book is amazing 😍
This book gives you complete knowledge of cyber forensics (computer). Just go for it.
L**S
Good book
Very interesting book.
D**E
Clarity
Well-structured book. Clear, concise, easy to read and dip into as needed.
F**
Not worth the price
I am a practising lawyer and have been in this profession for quite some time. The things mentioned in the book are already available on the internet free of cost. The price of 2k bucks is not justified. This should be priced at max 500/-. If you know your questions, you can search on the internet and you will get exactly what is written in this book.