Recommend Computer Forensics Books

[mt_100]

Looking to learn more about computer forensics, specifically crime investigation, data recovery, and hacking.

Looking for books with a good technical background and technical how to aimed at computer professionals. Web sites that have good information would be good too.

Anyone know of some good reads?

 

[mmtom]

I took a forensics class in college (this was about six years ago), but one of the books was a decent book at the time...It's called Incident Repsonse. Looks like there's been a 2nd edition since then. It might be the only "text book" that I sat down and read on my own, just because it was interesting.

http://www.amazon.com/Incident-Response-Computer-Forensics-Second/dp/007222696X

 

[requiemnoise]

Linux has tons of free apps for these kind of things. It is a good idea to learn Linux if you are into this. Instead of listing all the apps, have you looked into Helix3 distro? Play with the apps and go over the docs.

 

[mmtom]

Linux has tons of free apps for these kind of things. It is a good idea to learn Linux if you are into this. Instead of listing all the apps, have you looked into Helix3 distro? Play with the apps and go over the docs.

I agree that learning Helix and the OS's you'll need to gather evidence from is important, but I also think it's important to understand the basics of forensics. There's a lot of stuff that goes beyond just using Helix and other forensic tools (preserving the state of the drive, what's admissible in court, etc). If you know how to use the tools, then go to town on a drive and touch a bunch of files that shouldn't have been touched, you've just destroyed your evidence.

If this is something you're serious about, I would recommend reading the book and learning more, as well as learning about the tools involved. IIRC, Incident Response covers many of the tools as well.