Saturday, June 20, 2009

Windows Forensic Analysis 2/e Review

I recently purchased and read (thanks to two cases back to back with a nice layover in Chicago due to weather) Harlan Carvey's new book, "Windows Forensic Analysis Second Edition".

In my tenure as a security professional I have read a LOT of books. I can honestly say that without question, this is the best, most useful forensics book I have read. I am not going to go into a breakdown of chapters; however, I will say that the chapters on Live Response, Memory Analysis, Registry Analysis, File Analysis, and Executable File Analysis are fantastic. My copy is full of highlights and margin notes! I have also already started working some of the tools from the DVD into my volatile collection scripts.

What Harlan does really well is make very complex topics (like the Windows Registry) very understandable. He is also able to tie in why it's important to you as an investigator, and what kinds of things you need to be on the lookout for.

Quite frankly, if you don't have this book yet - you need it! If you are serious about your trade, and want to learn more about how to conduct a comprehensive analysis of Windows-based systems - you need this book! Seriously, the chapter on Registry analysis ALONE is worth the price of the book.

Buy it now...seriously...I cannot emphasize that enough!


  1. I'm almost through (I got a little sidetracked with this Python book I picked up) and I'm in total agreement. The book is required reading!