8 of 9 people found the following review helpful
There is no substitute for this book,
This review is from: Windows Forensic Analysis DVD Toolkit, Second Edition (Paperback)
I read and reviewed the 1st Ed of this book in July 2007, and I just finished reading Windows Forensic Analysis 2nd Ed (WFA2E) this weekend. If your job involves investigating Windows systems, you must read this book. It's as simple as that. There is no substitute for this book. It also perfectly complements other solid forensics works already published.
The three main reasons why I liked the 1st Ed hold for the 2nd Ed. The subject matter is exactly what I wanted to read. WFA2E introduces a vast number of tools to help investigators implement the concepts explained by the author. Harlan brings a lot of experience to WFA. Of these three, I really appreciate Harlan's experience. He is constantly "in the fight" so he knows what works and what doesn't. He's been around so long that he knows what he's talking about. If he encounters a problem, he can either try fixing it himself or he is friends with someone who can work the issue. All of these characteristics shine in WFA2E.
I expect to see a 3rd Ed of this book in a few years, incorporating more Windows Vista and Windows 7 material. It might also be helpful to consider techniques for Windows Server and Mobile platforms in the 3rd Ed. Regardless, I will look forward to that book when it arrives because I enjoyed WFA1E and WFA2E so much.