Book Review: Windows Forensic Analysis Toolkit
Tue, 05/29/2012 - 8:00pm
Windows Forensic Analysis Toolkit by Harlan Carvey provides the reader with an in-depth understanding of the digital forensic analysis of Windows 7 systems. Throughout the book, the author discusses core investigative and analysis concepts that are critical to forensic analysis and that are based on first-hand, real-life experience. He provides many notes and tips that will aid examiners with their examinations. In the chapter on incident response, the author reminds us of a complex administrative factor that is not often discussed: the importance of being prepared to respond to an incident. This cannot be overstated. Different chapters in the book provide detailed information regarding the analysis of Volume Shadow Copies, File Analysis, Registry Analysis, Malware Detection, Timeline Analysis, and Application Analysis. The many free and open source tools and resources cited by the author will provide examiners with additional knowledge, awareness, and capabilities in examining Windows 7 systems. Although not necessarily intended to do so, the book can also serve as part of a detailed or advanced training program for digital forensic examiners. As such, this book should be considered a must-have resource for incident responders and examiners in both the private and public sectors.