Friday, May 27, 2011

Road to CCE, Pt. I: Review of Handbook of Digital Forensics

                “Handbook of Digital Forensics and Investigation”, by Eoghan Casey is a fantastic read.  I had recently completed Brian Carrier’s, “File System Forensic Analysis,” (also an amazing book) and was looking for something a bit less in-depth and more of a general digital forensics book.  Luckily, I got a recommendation from Eric Huber over at the ‘A Fistful of Dongles’ blog for this book, as well as, a few others; you can read his review of the book at Amazon.  I really enjoyed this book a lot, and it was exactly what I was looking for; an overview of the wide variety of topics that encompass digital forensics.  Casey had accumulated a great text from a wide variety of contributing authors and put it in volume that will take you through common topics in digital forensics including anything from data gathering to embedded systems analysis.

            Casey begins with an introduction that included a brief of what the book will include and the basics of a forensic examination.  Chapter 2 covers the importance of tried and tested methodologies and some of the complications that arise that arise with digital forensics when gathering and maintaining forensically sound evidence.  The electronic discovery chapter includes an overview of what E-discovery is and what it includes and gives you a great look at how large an E-discovery can be both in examination and cost.  Chapter 4 discusses the use of forensics in incidence response, and the importance maintaining files rather than utilizing the “wipe and re-install” mentality. 

            Part 2 of the book breaks away into the nitty-gritty technical end of forensics, at least as much as it can as an intro level book.  Chapter 5 covers the Windows operating systems and what you’re going to want to look for in an investigation, a sort of areas of interest sort of thing and explaining what those files are.  The next chapters do the same thing with the other main operating systems, both UNIX/Linux and Macintosh systems.  Chapter 8, for me, was really interesting.  It goes over the type of methodologies that will be utilized in an embedded system investigation with things like chip-off techniques and such.  The next chapter discusses network investigations and will show you the types of things you can discover through analyzing network traffic in your investigation.  The final chapter will point out areas of interest to be found in mobile devices. 

            This book is great in that it points out key areas you should be looking for within an investigation.  I particularly loved the “From the Case Files:” sections that give you a real world example of where you would use this knowledge that you’re reading about.  Even more, I LOVED the “Practitioner’s Tip,” sections.  For me, as a student, getting these little tips from experienced forensicators are invaluable.  Those tips, to me, were the best part of the book and was the like cherry on top of a sundae.  I felt the book was very well done.  My one criticism were the amount of output files, sometimes they seemed a bit long but appreciate what they were trying to do with it.  Other than that I would recommend this book to anyone looking to get into the digital forensic field, like myself.


I chose this book to begin my road towards gaining my Certified Computer Examiner certification.  I hope to complete the certification by the end of the year.  Right now my plan includes reading the following:
  • Handbook of Digital Forensics and Investigation by Eoghan Casey (Completed)
  • File System Forensic Analysis by Brian Carrier (Completed)
  • Windows Forensic Analysis by Harlan Carvey (In-Progress)
  • Digital Forensics by Cory Altheide and Harlan Carvey
Open finishing these works, I plan on working on practical application.  So look for more on these books and possibly some examples from my practice sessions.  Any recommendations and comments are welcome.  Enjoy memorial day weekend!