(Part 2) Top products from r/computerforensics
We found 22 product mentions on r/computerforensics. We ranked the 59 resulting products by number of redditors who mentioned them. Here are the products ranked 21-40.
22. Digital Forensics Workbook: Hands-on Activities in Digital Forensics
Sentiment score: 1
Number of reviews: 1
24. The Hacker Playbook 2: Practical Guide To Penetration Testing
Sentiment score: 1
Number of reviews: 1
25. Guide to Computer Forensics and Investigations (with DVD)
Sentiment score: 1
Number of reviews: 1
Cengage Learning
26. Crafting the InfoSec Playbook: Security Monitoring and Incident Response Master Plan
Sentiment score: 1
Number of reviews: 1
O'Reilly Media
27. The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System
Sentiment score: 0
Number of reviews: 1
28. Guide to Computer Forensics and Investigations (Book & CD)
Sentiment score: 1
Number of reviews: 1
29. Computer Forensics InfoSec Pro Guide
Sentiment score: 1
Number of reviews: 1
30. Mobile Forensic Investigations: A Guide to Evidence Collection, Analysis, and Presentation, Second Edition
Sentiment score: 2
Number of reviews: 1
31. How to Be Invisible: Protect Your Home, Your Children, Your Assets, and Your Life
Sentiment score: 0
Number of reviews: 1
Thomas Dunne Books
32. Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation
Sentiment score: 0
Number of reviews: 1
John Wiley & Sons
33. The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
Sentiment score: 1
Number of reviews: 1
Wiley Publishing
34. EnCase Computer Forensics -- The Official EnCE: EnCase Certified Examiner Study Guide
Sentiment score: 0
Number of reviews: 1
Sybex
35. Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
Sentiment score: 0
Number of reviews: 1
Wiley Publishing
36. Real Digital Forensics: Computer Security and Incident Response
Sentiment score: 1
Number of reviews: 1
37. Computer Forensics: Incident Response Essentials
Sentiment score: -1
Number of reviews: 1
I don't think there are really any prerequisites to get a good amount of learning out of the class. Understanding the types of attacks is a great start. In 2004 (at least I think it was that year), they only had one class (508) and on day 3, after we had gone over the bulk of how filesystems and computers work, we were doing an exercise based on hand-rebuilding a USB thumb drive's filesystem (it had been tampered with). A guy raises his hand and says "You keep using the word rootkit, what is that?" The instructor thought he was being trolled at first. So having a pentesting cert will certainly help you (both as a pentester and with learning forensics, since you will learn that there is always evidence of some sort left behind).
All that being said though, you should at least be a little familiar with the following (though they do a great job of explaining these in the class):
Right now (well as of last year when I took the cert/class) the books are titled:
Harlan Carvey's books are an excellent resource.
Windows Registry Forensics, 2nd
Windows Forensic Analysis Toolkit 4th
My first time using the formatting features, so hopefully I didn't screw that up. Feel free to PM me if you have more questions. I have a bunch of SANS certs and have been doing this for ages. I am always happy to help someone who's learning!
Edit: the 2nd book link isn't showing up, so fixed that.
Computer Forensics InfoSec Pro Guide was the first book I read when I landed my first DFIR job. It's a quick read, but it gave me a great foundation to work from.
If you haven't done so already, start messing around with Linux. As your coursework evolves, you will probably spend a lot of time in that type of environment, so it pays to become familiar with it now.
Lastly, and this may be an old way of thinking, but if your degree is entirely focused on forensics, you may be spreading yourself too thin when it comes to finding a job after graduation. Having a well-rounded computer science background will make you much more marketable. With that in mind, I recommend checking out the Open Source CS Degree as it's a free way to gain that knowledge on your own.
Generally speaking, your IT background should allow you to get into an entry-level forensic position (though there aren't a ton of those). Public sector would be your best chance, but as has been stated, most of those positions are sworn if it isn't a large agency. At one training, as we discussed our backgrounds, an officer stated that he was sent because he was able to help the Chief at his agency put an icon on his desktop. A lot of it is push-button, with procedures being the thing we worry about most. It's the non-low-hanging fruit that will require some IT skill.
3 to 4 years of IT experience should get you an interview. From there I would just read up on forensics in general and not worry too much about certifications. Most are vendor-specific, and each department/company is going to dictate what you use and most likely pay to train you.
On the mobile side I would suggest this book:
https://www.amazon.com/Mobile-Forensic-Investigations-Collection-Presentation/dp/1260135098/ref=sr_1_4?keywords=mobile+forensics&qid=1559139135&s=gateway&sr=8-4
I read the first edition and it was really spot on. Covers everything from seizing the device properly to performing an extraction and then presenting the data.
You should also start learning Python. The above book covers part of it and I use it almost daily to make things easier. Also, I build tools to help myself and other investigators so it is really a tool you should have in your arsenal.
Good luck!
Your question is not very specific (as to whether you are asking about hardware, software or physical requirements), and therefore I'll reply with a general answer.
UNDERSTAND WHAT YOU NEED:
I suggest you first gather the requirements for the lab, as your requirements could vary depending on the type of lab you are setting up. (Is it for an SME or a big company? What type of cases are you going to work on: civil, corporate, legal, etc.? Depending on that, what type of hardware do you need, what software is required, what tools do you need to investigate legacy software, how secure should your lab be, do you require a TEMPEST-protected facility? etc.)
The book 'Guide to Computer Forensics and Investigations' has a chapter dedicated to setting up a digital forensics laboratory. I have read it and it provides some really good insight into setting up a forensics lab. Here is a link to the book:
http://www.amazon.com/Guide-Computer-Forensics-Investigations-Book/dp/1435498836
You'll find many similar resources out there. Another book is:
http://store.elsevier.com/Building-a-Digital-Forensic-Laboratory/Andrew-Jones/isbn-9780080949536/
One thing to note is that, depending on the location, you may need a license (some states in the US restrict forensic activity to licensed private investigators only).
PROCEDURES:
The SWGDE documentation provides best-practice documents and procedures that you can use as formal procedure documents for your company. (Check their terms and conditions before using them.)
Again, there may be several similar documents provided by other bodies.
TOOLS:
If you require information on the tools, there are numerous resources online that you could look up for guidance. A good starting point could be http://resources.infosecinstitute.com/computer-forensics-tools/
Certs. Most computer forensics jobs require at least one or more of the computer forensics certifications. Begin with ACE (AccessData Certified Examiner); it's free. Next, buy some textbooks with exercises and practice them. Here's an example: https://www.amazon.com/Guide-Computer-Forensics-Investigations-DVD/dp/1285060032/ref=sr_1_2?ie=UTF8&qid=1469102726&sr=8-2&keywords=computer+forensics
I also encourage you to learn about mobile forensics. A good amount of investigations relate to mobile devices.
Since this is the subreddit for DFIR, that's what you're going to end up with as far as suggestions go. For pentesting stuff, check out:
-Web Application Hacker's Handbook: https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470 (this has some labs, but just reading through the various weaknesses in WebApps will be a great start)
-The Hacker Playbook: https://www.amazon.com/dp/1512214566/ref=pd_lpo_sbs_dp_ss_1?pf_rd_p=1944687742&pf_rd_s=lpo-top-stripe-1&pf_rd_t=201&pf_rd_i=1118026470&pf_rd_m=ATVPDKIKX0DER&pf_rd_r=1NSA1RZZ3WQTP374S9WK
-Red Team Field Manual: https://www.amazon.com/Rtfm-Red-Team-Field-Manual/dp/1494295504/ref=pd_bxgy_14_img_2?ie=UTF8&psc=1&refRID=S7FG8F9TCMZMM9HVX2TN
Those two are good general pentesting books. You might also try /r/AskNetsec for other suggestions.
This is your curriculum:
1 & 2 below are basically required reading in my CSIRT; 3 is optional, but advisable.
Next get yourself and/or your organization to participate in FIRST
Digital Forensics Workbook is a great source for building foundational knowledge on many of the general computer forensic techniques. It covers info such as file system forensics, acquisition, software write blocking, registry analysis, email analysis, internet history analysis, recovering data in unallocated space, etc. Labs are included with the book so you can test the content learned against sample data.
Learning Malware Analysis guides you through static analysis, dynamic analysis, using IDA Pro, and other disassemblers to determine the intent of malicious files.
Practical Malware Analysis
Wireshark Network Analysis
Windows Forensics and Linux Forensics by Phil Polstra are 2 books about forensics and IR that came out in 2015-2016. They go really in-depth about filesystems and teach you how to understand the parsing/processing and forensic analysis process by creating your own Python scripts instead of just running tools and relying on those. I can really recommend these books for starters.
https://www.amazon.com/Windows-Forensics-Dr-Philip-Polstra/dp/1535312432
https://www.amazon.com/Linux-Forensics-Philip-Polstra/dp/1515037630/ref=pd_sbs_14_t_2?_encoding=UTF8&psc=1&refRID=ZZV0H8ZCEWQDX1HNX8TW
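The comment above recommends learning filesystem parsing by writing your own Python scripts rather than relying on a suite. As an added example (not code from the post or from Polstra's books), here is a small hand-parser for an MBR partition table and a FAT32 BIOS Parameter Block that maps a cluster number to a byte offset in a disk image. The two sample sectors are constructed inside the script; the field offsets are those of the classic MBR and FAT32 BPB layouts, and the plausibility checks are the kind that flag a tampered boot sector like the one in the SANS class story earlier on this page.

```python
# Added example: hand-parse an MBR partition table and a FAT32 BPB.
# Sample sectors are constructed below, not taken from a real drive.
import struct
from dataclasses import dataclass

SECTOR = 512
BOOT_SIGNATURE = b"\x55\xaa"


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int


@dataclass
class Fat32Volume:
    bytes_per_sector: int
    sectors_per_cluster: int
    reserved_sectors: int
    num_fats: int
    fat_sectors: int
    root_cluster: int

    @property
    def data_start_sector(self) -> int:
        # The data region follows the reserved area and every copy of the FAT.
        return self.reserved_sectors + self.num_fats * self.fat_sectors

    def cluster_to_sector(self, cluster: int) -> int:
        # Cluster numbering starts at 2; FAT entries 0 and 1 are reserved.
        if cluster < 2:
            raise ValueError("clusters below 2 are not addressable")
        return self.data_start_sector + (cluster - 2) * self.sectors_per_cluster


def parse_mbr(sector0: bytes) -> list[Partition]:
    """Read the four 16-byte partition entries at offset 446 of an MBR."""
    if len(sector0) < SECTOR or sector0[510:512] != BOOT_SIGNATURE:
        raise ValueError("not an MBR: short sector or missing 0x55AA signature")
    parts = []
    for i in range(4):
        entry = sector0[446 + 16 * i:446 + 16 * (i + 1)]
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack("<B3sB3sII", entry)
        if ptype == 0 and count == 0:
            continue  # unused slot
        parts.append(Partition(i, status == 0x80, ptype, lba, count))
    return parts


def parse_fat32_bpb(boot: bytes) -> Fat32Volume:
    """Decode the BPB fields needed to map a cluster number to a sector."""
    if len(boot) < SECTOR or boot[510:512] != BOOT_SIGNATURE:
        raise ValueError("not a boot sector: short sector or missing 0x55AA signature")
    bps, spc, reserved, nfats = struct.unpack_from("<HBHB", boot, 11)
    (fat_sectors,) = struct.unpack_from("<I", boot, 36)
    (root_cluster,) = struct.unpack_from("<I", boot, 44)
    # Plausibility checks: a corrupt or tampered BPB usually fails one of these.
    if bps not in (512, 1024, 2048, 4096):
        raise ValueError(f"implausible bytes per sector: {bps}")
    if spc == 0 or spc & (spc - 1):
        raise ValueError(f"sectors per cluster must be a power of two, got {spc}")
    if reserved == 0 or nfats == 0 or fat_sectors == 0 or root_cluster < 2:
        raise ValueError("BPB field is zero or out of range")
    return Fat32Volume(bps, spc, reserved, nfats, fat_sectors, root_cluster)


def build_sample_mbr() -> bytes:
    """Constructed MBR: one bootable FAT32 (LBA) partition starting at sector 2048."""
    sector = bytearray(SECTOR)
    sector[446:462] = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x0C, b"\0\0\0", 2048, 65536)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def build_sample_fat32_boot() -> bytes:
    """Constructed FAT32 boot sector: 8 sectors/cluster, 32 reserved, 2 FATs of 64 sectors."""
    sector = bytearray(SECTOR)
    struct.pack_into("<HBHB", sector, 11, 512, 8, 32, 2)
    struct.pack_into("<I", sector, 36, 64)  # sectors per FAT
    struct.pack_into("<I", sector, 44, 2)   # first cluster of the root directory
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def locate_root_directory(mbr: bytes, boot: bytes) -> int:
    """Absolute byte offset of the root directory within the whole disk image."""
    part = parse_mbr(mbr)[0]
    vol = parse_fat32_bpb(boot)
    return (part.lba_start + vol.cluster_to_sector(vol.root_cluster)) * vol.bytes_per_sector


if __name__ == "__main__":
    mbr, boot = build_sample_mbr(), build_sample_fat32_boot()
    for p in parse_mbr(mbr):
        print(f"partition {p.index}: type 0x{p.type_id:02x}, LBA {p.lba_start}, "
              f"{p.sector_count} sectors{' (bootable)' if p.bootable else ''}")
    vol = parse_fat32_bpb(boot)
    print(f"data area at volume sector {vol.data_start_sector}; "
          f"root directory at image byte offset {locate_root_directory(mbr, boot)}")
```

With the constructed values the data area begins at volume sector 32 + 2 * 64 = 160, so the root directory (cluster 2) sits at absolute sector 2048 + 160 and byte offset 1130496. Against a real image you would read sector 0 and then the partition's first sector with `f.seek(lba * 512)`; the same arithmetic tells a carver where unallocated clusters start without trusting any tool's output.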
Mind sharing the links? There are a few "Hack this site" websites, ranging from user-uploaded files, and I've seen one which is more based on JavaScript and SQL injection.
Have you thought about looking at crackmes? There's also the Microsoft Blue Hat Challenge. Forensic Focus also provides a list of resources to practice with.
There are always books as well. I'm currently working through Real Digital Forensics, which comes with the files used in the book and explains how they were gathered and how to view them.
There's plenty of resources out there, but you've got to be a bit more specific on what challenge you're looking for, as there's a range of subjects.
My recommendations then for self study:
Read all those and you will be in good shape ;)
EDIT: I hate trying to get reddit to do what I want.
My bible.
http://www.amazon.com/EnCase-Computer-Forensics-Official-EnCE/dp/0470901063
There's a few videos from EnCase on getting started with V7 too.
YouTube has some videos from various folks on EnCase 6-7 and FTK, but your mileage may vary there.
I suggest Harlan Carvey’s new book:
Investigating Windows Systems
https://www.amazon.com/dp/0128114150/ref=cm_sw_r_cp_api_i_omwACb023MNYY
TCP/IP basics. But seriously, TCP/IP Illustrated by Stevens.
No problem at all, I'll explain.
I'm new to the forensic department; my past experience has been with areas not directly related to computers. The below is one such example of a field that contains almost no computer-related content:
https://www.amazon.com/How-Be-Invisible-Protect-Children/dp/1250010454
This book is pretty much the top in the field despite being a few years old, and mentions very little (if anything) about computers.
Warren Kruse and Jay Heiser. Computer Forensics: Incident Response Essentials. Addison Wesley, 2001. You can purchase At https://www.amazon.com/Computer-Forensics-Incident-Response-Essentials/dp/0201707195
Carrier, B. File System Forensic Analysis. Addison-Wesley, Reading, PA., Mar. 2005. (Available at https://www.kobo.com/us/en/ebook/file-system-forensic-analysis-1)
Carvey, H. (2014). Windows forensic analysis toolkit: Advanced analysis techniques for Windows 8; Waltham, MA: Syngress.
Altheide, C., Carvey, H. A., & Davidson, R. (2011). Digital forensics with open source tools. Amsterdam: Elsevier/Syngress. (Available at https://www.amazon.com/Digital-Forensics-Open-Source-Tools/dp/1597495867)
Carvey, H. A. (2005). Windows forensics and incident recovery. Boston: Addison-Wesley.
Bunting, S. (2012). EnCase computer forensics: the official EnCE: EnCase certified examiner study guide. Indianapolis, IN: Wiley. (Available at http://www.amazon.com/EnCase-Computer-Forensics-Official-EnCE/dp/0470901063)
Ligh, M. H., Case, A., Levy, J., & Walters, A. (2014). The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory. John Wiley & Sons.
Casey, E. (2017). Digital evidence and computer crime: forensic science, computers, and the Internet. Vancouver, B.C.: Langara College. Available at https://www.amazon.com/Digital-Evidence-Computer-Crime-Computers/dp/0123742684