Best Book Bejtlich Read in 2008

If I read and reviewed a book you wrote in 2008, this was one of the better years to win my Best Book Bejtlich Read award. I only read and reviewed 20 books this year, compared to 17 in 2000, 42 in 2001, 24 in 2002, 33 in 2003, 33 in 2004, 26 in 2005, 52 in 2006, and 25 in 2007.

My 2007 and 2006 winners are posted too. Although I've been reviewing books seriously since 2000 and blogging since 2003, I only started listing my favorite books in 2006.

I did not spend enough time "hanging in the sky" (to quote John Denver) reading a book, and too much of my day job spilled into my evening reading hours. I prefer to avoid long-haul air travel, so I don't expect to read more on planes in 2009. Regarding work-life balance, I have more help at work for detection and response duties. We'll see how 2009 fares with respect to reading overall.

My ratings for 2008 can be summarized as follows:

  • 5 stars: 7 books

  • 4 stars: 8 books

  • 3 stars: 4 books

  • 2 stars: 1 book

  • 1 star: 0 books

Here's my overall ranking of the five-star reviews; this means all of the following are excellent books.

  • 7. Beginning Perl, 2nd Ed by James Lee. Lee's book is excellent from start to finish. I found his explanations very clear and his writing style lively. He covered just about everything I hoped to read in a book of roughly 400 pages.

  • 6. OSSEC HIDS by Rory Bray, Daniel Cid and Andrew Hay. I have to congratulate the author team for OHG. Writing a book for Syngress with many contributors is usually a recipe for disaster. OHG features three lead authors, four contributors, and one foreword author -- and they don't step on each other's toes.

  • 5. Virtual Honeypots: From Botnet Tracking to Intrusion Detection by Niels Provos and Thorsten Holz. If you are at all interested in potentially deceiving intruders, buy and read Virtual Honeypots. You'll learn about more than VMware (QEMU, UML, etc.) as well as numerous open source tools you can download and try for free.

  • 4. Googling Security: How Much Does Google Know About You? by Greg Conti. There's no question that Greg Conti writes excellent books. Last year's Security Data Visualization book earned 5 stars, and I put Googling Security in the same league. Conti takes a thorough and methodical look at the privacy consequences of Google's services, incorporating technical realities and thoughtful analysis.

  • 3. Nmap Network Scanning by Gordon "Fyodor" Lyon. If you are looking for *the* book on Nmap, the search is over: NNS is a winner.

  • 2. Applied Security Visualization by Raffy Marty. I think ASV is a great book on security visualization, but it will also help general security practitioners.

And, the winner of the Best Book Bejtlich Read in 2008 award is...

1. Malware Forensics: Investigating and Analyzing Malicious Code by Cameron H. Malin, Eoghan Casey, and James M. Aquilina. Malware Forensics is an awesome book. Last year Syngress published Harlan Carvey's 5-star Windows Forensic Analysis, and now we get to enjoy this new title. I should disclose that I co-wrote a forensics book with Curtis Rose, and I just delivered a guest lecture in a class taught by Eoghan Casey. However, I still call books as I see them, regardless of the author.

I can confidently say that anyone interested in learning how to analyze malware, or perform incident response, will benefit from reading Malware Forensics. The authors even maintain a Web site -- -- to support the book.

Looking at the publisher count, top honors in 2008 go to Addison-Wesley for 3 titles, followed by Syngress with 2, and finally Apress and a self-published title, each with one. Thank you to all publishers who sent me books in 2008. I have plenty more to read in 2009.

Anonymous said…
Thank you for sharing your book reviews. It is also good to see your 2009 reading list.

Anonymous said…
Amazing post. One of the best this year!

I had been waiting for this post all year. Now I will wait for next year's post!

Thanks Richard! Happy New Year to you!

Andrew Hay said…
Hey Richard,

On behalf of the OSSEC Host-based Intrusion Detection Guide author team I wanted to thank you for the high praise you gave our little book. Thanks again.

Anonymous said…
I've been considering purchasing the OSSEC book, but hesitated precisely because it is a multi-author book from Syngress! Thanks for this wrap-up. I must have missed/ignored the OSSEC book review when it was written.

Anonymous said…
Thanks for all your great book reviews in 2008! And I'm delighted that you liked Nmap Network Scanning so much! I can't wait to read your thoughts on 2009 books.

Anonymous said…
Thanks for the reviews and list. I bought 3 of them right away.
