Product: 1597495867

First let me start off by saying that the Amazon packaging was terrible and likely the reason the book looked ‘used’ instead of new when I received it. In order to get better packaging you might want to order this book with other books.

—–
The author does not make the assumption that everyone reading the book will be familiar with what Open Source Software is and goes into a little bit of detail on the subject. As a FOSS advocate I was appreciative of the effort put in to educate others on this subject.

Chapter 2:
This chapter is about getting your forensic computer set up with FOSS tools and applications. It covers setups on Linux and Windows, but with a preference towards Ubuntu (Linux) as this is what the author used and what the examples are done with.

Chapter 3:
Covers the basics of how to analyze disks. This includes covering RAM slack, file slack, file system specifics, carving and hashing. It is important to know how to handle evidence if it will be needed in a courtroom. Failure to use hashes and load a disk as read-only will likely result in evidence being questioned and potentially thrown out.

Chapter 4:
Covers Windows-specific file system artifacts.

Chapter 5:
Covers Linux-specific file system artifacts.

Chapter 6:
Covers OS-specific file system artifacts.

Chapter 7:
Covers browser artifacts for IE, Firefox, Chrome and Safari. It also covers email artifacts. I was particularly interested in the Chrome and Safari artifacts.

Chapter 8:
Deals with file analysis covering media files, documents and others. It was interesting to note that there does not appear to be any ability for Open Source tools to leverage known hashes to identify files known to law enforcement.

Chapter 9:
Automating the process – trust me, you do not want to have to do everything by hand.

Chapter 10:
Covered free, but not open source, tools that are available.

Overall I found the book to have a solid mix of theory and tool use examples. It also included links to forensic images you can use to experiment with the tools. I already played with many of these images with proprietary tools a while back and look forward to exploring how open source tools work with them as well.

Solid book diminished only by the inept packaging Amazon utilized. If the book were not so good I would be returning the book.
Rating: 5
Count: 10