±Forensic Focus Partners

Become an advertising partner

±Your Account


Forgotten password/username?

Site Members:

New Today: 0 Overall: 36783
New Yesterday: 0 Visitors: 1204

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Sans FOR500 - Newbie to Forensics

Computer forensics training and education issues. If you are looking for topic suggestions for your project, thesis or dissertation please post here rather than the general discussion forum.
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Page Previous  1, 2 


Re: Sans FOR500 - Newbie to Forensics

Post Posted: Oct 18, 18 15:44

Awesome thanks a lot everyone for the detailed informative responses, very much appreciated!!  

Senior Member

Re: Sans FOR500 - Newbie to Forensics

Post Posted: Oct 18, 18 21:22

- hectic_forensics
Brian Carrier's book on forensic analysis of filesystems is still a good book IMHO. Worth a read, especially if you are just starting out.

Interestingly where File System Forensic Analysis was previously one of the books people recommend being read first, now we're starting with forensic artefacts and working down to the file system. FOR 508 covers the NTFS artefacts on the second last or last day.

Reading through FSFA is definitely recommended at some point.

As per Investigating Windows Systems, I haven't received my copy yet but Harlan has indicated that it isn't a book on parsing artefacts, but about putting them together. Can't really say if its worth reading for your purpose (but considering the reviews so far, as well as knowing harlan delivers a good read), but I'd definitely be starting with the earlier books.

Either way, doing a bit of reading beforehand, even if its just reading the weekly blog posts by everyone leading up until the course will help you hit the ground running  

Page 2 of 2
Page Previous  1, 2