I was fortunate enough to get an advance reviewer copy of David Cowen’s new book – Computer Forensics: A Beginner’s Guide. After reading it, honestly, I was annoyed and a little bit pissed. I have a Master’s in Information Security and it was my Computer Forensics class that got me interested in this field. By comparison the textbook I had for that class was dry, dull, stale and inadequate in its task compared to this book. What I would have given to have this as a reference for that class. Fortunately, now I do!
For those that are unfamiliar with the author, David has co-authored Hacking Exposed: Computer Forensics, writes a popular forensic blog (http://hackingexposedcomputerforensicsblog.blogspot.com/) and is an experienced Computer Forensic Examiner in the state of Texas.
What’s to like about this book? To me, the biggest selling point of this book is how it reads. If you like the style of the Hacking Exposed books then you’ll enjoy David’s writing style as well. It comes mostly as a first person narrative with David’s experiences sprinkled liberally throughout the book; and that’s a good thing. It becomes very obvious in the reading that not only does the author know what he’s talking about, he knows how to communicate it to a wide audience. I finished the entire book in three sittings and I attribute that to how well it is written.
The topics covered flow very well; starting with chapters on getting started, what can be done with computer forensics, how to get training and where to find current information. For the beginner, these chapters are invaluable as they lay the groundwork for the rest of the book as well as providing some great external references for finding more information about forensics. For the experienced forensicator, these chapters are valuable as a way to introduce new people to what you do as well as providing a great reference list of places to keep up-to-date on computer forensics.
From here the book quickly moves into setting up your own lab, what tools (both hardware and software) you’ll need, and how to start your first investigation. There’s a great chapter here on the importance of testing your tools and how to test them as well as several chapters on different types of forensic cases. The most valuable sections of the book, however, were the final two chapters on the back end of every investigation – documenting and reporting. Why? Because so much of the information in our field focuses on the technical aspects: new tools, new artifacts, new malware, etc.; however, all of that is moot if it isn’t properly documented and reported. David fortunately doesn’t gloss over these topics, instead giving them two skillfully written chapters that will serve experienced and new forensicators well.
Without covering every chapter, I’ll instead say that David does an outstanding job of covering a very broad level of topics in computer forensics, including many that you wouldn’t expect to be in a book for beginners. And while the focus is on beginners, this book would make an excellent addition to any computer forensicator’s library.
That said, I did have a few minor quibbles with the book. There were a few minor spelling errors and some grammar issues but I expect all of those will be referenced on the accompanying website (http://www.learndfir.com) and fixed in future versions. Another issue I had was that a few chapters’ topic introductions did not match up to the chapter summaries. For example, Chapter 8 deals with creating forensic images. The topics listed as being covered do not mention mobile devices, yet it is discussed briefly in the chapter and then listed as a skill learned in the chapter summary. In reality, the chapter mentions that the topic is rapidly changing and no methods for imaging mobile devices are documented. For a beginner it may be frustrating to see a skill listed as ‘covered’ in the chapter when it was not. This happens a few times in the book but should not seriously detract from what I consider to overall be an outstanding computer forensics book.
In summary, if you have any interest in computer forensics, I highly recommend this book. If you’re teaching a course on the topic, please do yourself and your students a favor and use this as your textbook. Your students will thank you!
Notes: My ARC was in .pdf form with no Table of Contents, Introduction or Index so I cannot speak to any issues in those areas of the book. I also cannot speak to any formatting issues that might exist with other e-versions of the book. There were none in my version but they do sometimes occur across different e-formats.