Reddit reviews File System Forensic Analysis

We found 11 Reddit comments about File System Forensic Analysis. Here are the top ones, ranked by their Reddit score.


11 Reddit comments about File System Forensic Analysis:

u/[deleted] · 18 points · r/netsec

It really depends on what niche you're looking at covering. It's difficult, I feel, to brush up on "infosec" to any level of practical proficiency without focusing on a few subsets. Based on your interests, I would recommend the following books.

General Hacking:

Hacking Exposed

The Art of Exploitation

The Art of Deception



Intrusion Detection / Incident Response:

Network Flow Analysis

The Tao of Network Security Monitoring

Practical Intrusion Analysis

Real Digital Forensics


Reverse Engineering:

Reversing: Secrets of Reverse Engineering

The IDA Pro Book

Malware Analyst Cookbook

Malware Forensics



Digital Forensics:

File System Forensic Analysis

Windows Forensic Analysis

Real Digital Forensics

The Rootkit Arsenal


Hope this helps. If you're a University student, you might have access to Safari Books Online, which has access to almost all of these books, and more. You can also purchase a personal subscription for like $23 a month. It's a bit pricey, but they have an awesome library of technical books.

u/orangelounge · 14 points · r/computerforensics

Start with reference data sets: https://www.cfreds.nist.gov/

and free tools like Autopsy and SleuthKit: https://www.sleuthkit.org/autopsy/

And the bible on digital forensics: https://www.amazon.com/System-Forensic-Analysis-Brian-Carrier/dp/0321268172

before worrying about proprietary tools like EnCase. Autopsy is like free EnCase. Same principles apply.

u/LaMaPuppy · 4 points · r/computerforensics

Aside from SANS FOR508 (the course on which the cert is based) the following helped me:

Windows Registry Forensics

Windows Forensic Analysis Toolkit 2nd ed

Windows Forensic Analysis Toolkit 4th ed

The 2nd edition covers XP, the 4th covers 7/8

Digital Forensics with Open Source Tools

File System Forensic Analysis

This is a new book, but I imagine it'll help as well:

The Art of Memory Forensics

I read many of these in preparation for taking mine, but your best resource is the SANS class/books, which is what the cert tests after. Having a good index is key.

There may be other classes out there that might help, but I have no firsthand experience with them, so I can't say what I recommend. All the above books, however, are amazing. Very much worth your time and money.

u/4n6Pi · 3 points · r/computerforensics

Check out Brian Carrier's book on File System Forensics, http://www.amazon.com/System-Forensic-Analysis-Brian-Carrier/dp/0321268172. He has three chapters dedicated to NTFS.

u/eagle2120 · 2 points · r/ITCareerQuestions

There are a ton of different things you can do on the defensive side. The path here is a bit less defined because you can specialize in each of these areas without ever really touching the other ones. But I think these are the most important skills as a defender, so I’ll break it up into three smaller chunks. For the most part, defender/Blue-team concepts draw from these skills. I’ve set up the courses in order, as some of these skills may feed into other areas.


IR:

u/technogal · 2 points · r/computerforensics

I highly suggest this book: https://www.amazon.com/System-Forensic-Analysis-Brian-Carrier/dp/0321268172

While it's been out a bit, as far as I know, it still stands as the definitive source for NTFS file systems.

I went to X-Ways training last year in New York. Take good notes. I mean really good notes. X-Ways is very different than EnCase or FTK. You need to understand how file systems work. It is NOT a push button tool. However, you will get way more information for your cases by using X-Ways; it's a great tool.

Are you doing regular forensic case work? If not, consider purchasing Brett Shavers' course: http://courses.dfironlinetraining.com/x-ways-forensics-practitioners-guide-online-and-on-demand-course and book: https://www.amazon.com/X-Ways-Forensics-Practitioners-Guide-Shavers/dp/0124116051/ref=sr_1_1?s=books&ie=UTF8&qid=1492443886&sr=1-1&keywords=xways+forensics+practitioner. They will be invaluable resources while you learn.

Good luck and have fun!

u/nabbit · 2 points · r/EDC

Few books for you to consider - I got these for my course and they are hugely useful. I've also included the EnCase book as I know our forensics guys go back to it all the time:

Computer forensics using open source tools

The essential Brian Carrier - file system forensics

Real Digital Forensics

EnCase training book

Digital Forensics Investigation

Forensic Discovery

u/kerosina · 2 points · r/sysadmin

Also, don't you want to advance in the field of computer forensics? Here's a book that gives you some understanding of what you will be dealing with; sounds like a good application for your computer skills:
http://www.amazon.com/System-Forensic-Analysis-Brian-Carrier/dp/0321268172

And a presentation based on this book to see what it's like:
http://mcgrewsecurity.com/training/extx.pdf

u/blizz017 · 1 point · r/netsecstudents

You're going to have a real rough go at it;

That said; 508 is largely derived from the following two sources:

Brian Carrier's File System Forensics (This book is actually given out in the course)

&

The Art of Memory Forensics by MHL, Andrew Case, Jamie Levy, and AAron Walters

That'll get you ~75% the way there. But it's a lot of material to cover and retain without a reference source. I don't know if SANS has an official policy on what specifically you can take in with you during the test outside of your personal notes and their material.

Outside of those two books; get very familiar with The Sleuth Kit and timelining.

Honestly; this would be advice for someone taking the course just as much as it would be for someone not taking the course.

u/Goovscoov · 1 point · r/computerforensics

Do you have the image file itself?
If yes, open it in a tool like Active @ disk-editor (http://www.disk-editor.org/). This tool highlights disk information in colours and gives verbose information for you to easily understand what parts on the disk/image you're looking at. Great way to start off and learn things about filesystems. Also I highly recommend the File System Forensics book by Brian Carrier (https://www.amazon.com/System-Forensic-Analysis-Brian-Carrier/dp/0321268172).

u/sammew · 1 point · r/computerforensics

> Understanding the types of attacks is a great start.

408 is pretty basic forensics. It is more bad leaver / criminal with a physical device forensics than IR. I would say if you have to read one book, it would be https://www.amazon.com/System-Forensic-Analysis-Brian-Carrier/dp/0321268172?ie=UTF8&redirect=true . It will give you a nice foundation for what will be talked about.