Monday, October 09, 2006

Reviews of Digital Forensics Books Posted

just posted three new reviews on digital forensics books. The first is File System Forensic Analysis by Brian Carrier. Here is a link to the five star review.

The second is Windows Forensics by Chad Steel. Here is a link to the four star review.

The third is EnCase Computer Forensics by Steve Bunting and William Wei. Here is a link to the three star review.

All three books share the same introduction.

I decided to read and review three digital forensics books in order to gauge their strengths and weaknesses: "File System Forensic Analysis" (FSFA) by Brian Carrier, "Windows Forensics" (WF) by Chad Steel, and "EnCase Computer Forensics" (ECF) by Steve Bunting and William Wei. All three books contain the word "forensics" in the title, but they are very different. If you want authoritative and deeply technical guidance on understanding file systems, read FSFA. If you want to focus on understanding Windows from an investigator's standpoint, read WF. If you want to know more about EnCase (and are willing to tolerate or ignore information about forensics itself), read ECF.

In the spirit of full disclosure I should mention I am co-author of a forensics book ("Real Digital Forensics") and Brian Carrier cites my book "The Tao of Network Security Monitoring" on p. 10. I tried to not let those facts sway my reviews.


Da Kahuna said...


I have to agree with you regarding FSFA. I have both FSFA and the EnCase book. I bought them for exactly the reason you state: in-depth technical knowledge and the EnCase book specifically for the information on EnCase.

Great reviews as usual.

Anonymous said...

WF got 4 stars? Really? Seriously? ;-)