In January 2017, I got an email from a publisher. They asked if I wanted to write a book about digital forensics. I said no. They asked again. I said no again. They kept asking more and more nicely, and offering me more and more things in exchange. I kept saying no. I wasn’t trying to negotiate a higher price, I just really didn’t want to write a digital forensics textbook.
In the end I said yes if I could have a co-author. I found Oleg Skulkin via Twitter, and we signed contracts and started writing a book together. Eventually, Windows Forensics Cookbook was born.
Unfortunately everything didn’t go quite how I’d expected. (more…)
One of the most frequent questions I get from digital forensics students is about resources: where can they go to continue learning, where can they find out more about the industry, what are the best blogs and social accounts out there for DFIR people?
The below is by no means an exhaustive list, but here are some of the places I get my computer forensics news from, which you might find helpful. (more…)
Last year I wrote a book. It’s called Windows Forensics Cookbook and I didn’t really want to write it, but I’m glad I did because now I know I can. It was a little too technical for my liking, really: I would have liked to have written something meatier in terms of text, and less screenshotty.
So this year I’m writing another book. With a working title of First Steps In Digital Forensics, it will be aimed at people who want to get into the industry. Whether you’re a student of a related discipline, a professional looking to switch industries, or just someone who’s intrigued by the field and wants to know what it’s really like, this book will have something for you.
A while ago I published a book. It’s a digital forensics textbook, and the guys over at Forensic Focus, where I normally write digital forensics related stuff, wanted me to promote it there. I couldn’t work out how to do that though: normally we either review books or interview the authors, but I couldn’t review my own book and I didn’t want to interview myself.
Enter Oleg, my co-author and very useful person, who took on more of the book than he’d originally agreed to when I got ill halfway through the process. Today I interviewed him on Forensic Focus about what he does as a day job, how he came to write the book, and what he thinks the most important current challenges are in digital forensics.
Take a look at the interview on Forensic Focus
Last week I caught up with David Spreadborough from Amped Software about image authentication in digital forensics.
David, can you tell us a bit about your role and what it involves?
I’m the international trainer for Amped Software. First of all, Amped Software is a digital image and video company and everything that we do has a forensic and scientific backing. It’s very easy to deal with an image or a video, but to deal with an image or a video forensically, with a scientific backing, requires a product to guarantee that everything a user does is forensically sound.
My history is that I was a police officer for 24 years; the last 12 years were spent purely doing CCTV and image investigations, mainly from CCTV. I left in 2015, upon the closure of the Forensic Imaging Unit.
Because I’d been aware of Amped Software, and I’d been aware of some of their products, I’d started assisting them with some ideas in order to help users. Then they offered me a job as their international trainer. I not only go around the world teaching other people to use the software, but I also do the research and development of ideas; getting ideas from users when I’m delivering training and working out how we’re going to put that into the software. I also do private analysis work, so if there are any challenges while I am conducting an investigation, we can solve these problems and then build the solution into the software as well.
Read the full interview on Forensic Focus
From the 6th-8th of December 2016, AccessData ran a Windows course in a training centre overlooking Trafalgar Square in London, UK. The aim of the course was to familiarise forensic investigators with the Windows operating system and give an in-depth understanding of its potential for analysis in digital forensic investigations.
From the 1st to the 3rd of November 2016, AccessData ran a live online training course to help forensic investigators understand the specific challenges presented by Windows 10, and how they can be overcome.
The course was aimed at people who already had a level of familiarity with both forensic investigation generally and with AccessData’s products, and took participants through all aspects of investigating a Windows 10 system.
Any book that begins with a foreword by Eoghan Casey is almost guaranteed to be a vital and immensely useful read in the field of digital forensics, and Practical Forensic Imaging is no exception.
The need to securely preserve digital evidence is of the utmost importance to any investigator, particularly in criminal cases where findings may need to be upheld in a courtroom situation. Despite the huge impact of this subject matter, however, there have been precious few books on the topic to date. Luckily, Practical Forensic Imaging steps in now to fill the gap.
Read the full review on Forensic Focus
The other day I interviewed John Patzakis, Executive Chairman at X1 Discovery, about an article he’s written about a new amendment to Federal Rule of Evidence 902.
Subsection (14) will come into play this December, and will mean that all electronic data will be required to be “self-authenticating”.
Learning Android Forensics was written by Rohit Tamma and Donnie Tindall, and aims to provide a thorough introduction to the forensic analysis of smartphones running the Android operating system, from the initial setup of a forensic workstation through to analysing some of the more important artefacts. With input from highly experienced reviewers in the digital forensics field, the book is an excellent resource for students and practitioners alike.