Recommended Books

At the risk of doing for DFIR books what @instacyber observed for Twitter, I've collated a list of recommended reading and resources.

The below books are in no particular order and I'll continue to update the list as I see fit. Most are well known, and I'd also draw attention to the recommended reading of Andrew Case and @thegrugq.

I'm always happy to get recommendations!

Digital Forensics

File System Forensic Analysis, Brian Carrier

Practical Forensic Imaging: Securing Digital Evidence with Linux Tools, Bruce Nikkel

Windows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 8, 4th Edition by Harlan Carvey

Incident Response & Network Forensics

Network Forensics: Tracking Hackers through Cyberspace, Sherri Davidoff & Jonathan Ham

The Cuckoo's Egg, Cliff Stoll (then watch Chris Sanders' videos here)

Offensive Countermeasures: The Art of Active Defense, John Strand et al.

Network Attacks and Exploitation: A Framework, Matthew Monte

Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems, Chris Sanders

Memory Forensics

The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory, Michael Hale Ligh et al.

Malware Analysis

Practical Malware Analysis: A Hands-On Guide to Dissecting Malicious Software, Michael Sikorski & Andrew Honig

Intelligence Analysis

Psychology of Intelligence Analysis, Richards J. Heuer Jr. or direct from the CIA

Open Source Intelligence Techniques: Resources for Searching and Analyzing Online Information, Michael Bazzell

General Information Technology

Code: The Hidden Language of Computer Hardware and Software, Charles Petzold

How Linux Works, 2nd Edition: What Every Superuser Should Know, Brian Ward

SSH Mastery: OpenSSH, PuTTY, Tunnels and Keys, Michael W. Lucas

Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning, Gordon 'Fyodor' Lyon

Building Virtual Machine Labs: A Hands-On Guide, Tony Robinson


Brakeing Down Incident Response