For my fourth impressions post, I'll turn to the digital forensics world for Digital Forensics with Open Source Tools (DFWOST) by Cory Altheide and Harlan Carvey. I took a lot of notes but didn't read closely enough in my opinion to merit a full review.I didn't like the way this book started. I can't tell if the authors expect the reader to be familiar with open source software or not. The book needed to start in chapter 2 with something like "let's start by selecting Ubuntu for our operating system. We like it for the following reasons..." In contrast, the reader suddenly finds himself in the "Working with Images" section trying to use losetup, mmls, doing math, etc. That's too fast! Many reading this book are going to get lost on page 23 between "sudo apt-get install libfuse-dev libexpat1-dev" and advice to use "a simple ./configure..."
Beyond the rough start, however, I thought the rest of the book was interesting. I liked reading about a variety of tools, especially trying to accomplish the same task on Linux and Windows. I enjoyed reading about hidden Windows Event Logs in ch 4 and about hachoir in ch 8. The book made great use of public evidence sources, like the Digital Corpora.
Near the end of the book (ch 9) I read a reference to Rob Lee's SIFT platform, so I wondered by the book didn't use it throughout? I also would have liked to have read more about log2timeline in ch 9.
One note for a second edition: some figures in the book feature resolutions so high that the text is not legible given the size of the screen captures.
I think you will like DFWOST, but I bet the second edition will be stronger.
Tweet
0 comments:
Post a Comment