Windows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 8
D**A
Great read for DFIR Pros
While this book is an updated version of 3e (author mentions this) with some artifacts for Win 8, it is still a great read. The last two chapters, which focus on how-tos and writing reports, have been of great help and I plan to use the template to better organize my reporting format. Speaking of structures, I like that the book focuses on explaining the artifact structures, relevance and when you could use the tool applicable to parse the artifact. This also applies to the process methodology laid out in the book; I like the example of "why scan the machine twice with the same AV if it didn't find anything in the first place?" I have seen too many cases like this in real life. Also, defining analysis goals before starting analysis is something I have been stressing on myself and my teammates, and Harlan does a good job laying that out. The concept of using micro timelines is great and I have found success applying this technique for finding pivot points rather than taking a kitchen sink approach and creating a supertimeline; not to say the supertimeline doesn't have its place :) it does, but not all scenarios require one. In closing, if you haven't picked up the 3e, pick this one up; if you are new to digital forensics and incident response, pick this one up. Having the textbook version helps as you can reference the material quicker and it's easier on the eyes when it comes to screenshots and quoted text for ch. 7 (timelines); I had a hard time reading these with the 3e ebook.
G**E
A Perspective from a Student
I have been in a Cyber Security & Computer Forensic Major for over two years. This book is not only a staple in my library, Harlan Carvey is one of the few authors I have found that is a talented writer for technology, particularly digging deep within the Windows operating and file system. Most technology books are big on the what and how, but are light on the why. His tips and talent are thoroughly seasoned with personal perspective and explanation that makes what was a textbook a thoroughly enjoyable - and educational - 3-dimensional read. I look forward to seeing his approach to the newest evolution of Windows and am ordering the Windows Registry Forensics.
J**N
One of the best books on advanced Windows Forensics
I found the chapters on Volume Shadow Copies, mini-timelines and Malware most interesting. A good read as an update to the third edition.
D**K
"One Must Have" for Forensics Professionals - Windows Forensics Analysis Toolkit - by Harlan Carvey CISSP
I must state at the onset - this is a great digital forensics book. This book as both a knowledge-builder and go-to desk-reference is a formidable and useful work. It is very well written and well attributed. If I had to take one book about Windows 8 with me to Bezerkistan in order to complete a WIN 8 digital forensics mission, this Windows Forensics Analysis Tool Kit is it. I admire Harlan's technical forensics skills, understanding about the limitations of the forensics practice and his excellence in writing. This is a "must have" for digital forensics professionals. If you are in the digital forensics business - get this book - read it - use it.
M**S
Stop – DVD and Perl Code Examples Not Available
Thoroughly disappointed. My intent was highly technical and wanted to see Perl security coding in practice. This book states all the Perl code is available. In fact, none of the code is available. Therefore, large chunks of the book referencing Perl tools are pointless. Book States: “There is no DVD that accompanies this book; instead, you’ll be able to find a link the code that I’ve written and described in this book online at the Books page for the WindowsIR blog, found online at”… Mr. Harlan’s website. It is not there. This book isn’t even listed. I am sure the material was available at one time. But it is not now.
J**S
Excellent material presented in an unprofessionally written format
I had to buy this book for a third/fourth-year forensics course, the one where we perfect the collection of evidence and the writing of digital forensics reports. I would like to give this book four-and-a-half stars for information, but I deducted over a star for the editing errors. I do not know what it is about computer manuals, but of all the books I have had to read during the last seven years of school--including books on accounting, criminal justice, psychology, math, English literature, creative writing, and humanities--the computer manuals sit at the very bottom regarding grammar and punctuation. The glaring errors make it very hard for me to concentrate. One might think this is a trivial concern, but in fact grammar is exceedingly important to a computer forensic major. We have to match pronouns to antecedents. We have to know about the possessive gerund. We must understand where commas go and understand the difference between colons and semicolons. We have to avoid certain tenses of being, staying mostly in direct past tense. We cannot use first-person speech. We must avoid contractions, and so on. While some of these directives can be ignored in the writing of textbooks and manuals, such as using contractions and even using the first person, a computer forensic professional must adhere to the basics of good grammar. The author and line editors of this book did not match pronouns to antecedents, and they did not use possessive nouns in front of gerunds. They used semicolons where colons would have gone. And I cannot even go into the misuse of comma placement.
For one example of the grammar usage in this book, I have written verbatim a sentence on page 37 of the text: "The two primary concerns during an incident with respect to logs are, where they are located and what's in them--both of which can have a significant impact on the outcome of your incident response activities." The comma after "are" makes no sense unless the editor inserted a comma after "incident." The m-dash is oddly used, almost as if the first comma put the author and editors at odds at what punctuation to use for the afterthought to the sentence. The usage of the pronoun "your" is overtly colloquial for a textbook. I could even let the usage of "your" go, as this author enjoys the colloquial speech, but the punctuation errors throughout the book reduce the tone's effectiveness. Just because someone is using a friendly tone does not mean that awkward punctuation is any easier to take. This sentence is one of many, many sentences in the book that is clumsily written. I think the author is a brilliant person, and I certainly will be using his techniques. I just wish that he and the other computer professionals in the field of manual writing would dare the expense of hiring professional textbook editors. This being said, I would recommend this book for personal information. I would not recommend the book as it is written now for class usage and hope future editions are edited more stringently.
R**G
Book in great condition
Book in great condition. Good buy!!!!
C**R
Good foundation, but it doesn't have too much new information about Windows 8.
Decent foundation for Windows Forensics, but there isn't any information about new artifacts in Windows 8.1. It's mostly just updated paths from Windows 7. So if you want a good foundation, this is a good book, but you won't really learn much about Windows 8+.
V**E
The print is terrible. The characters are not clear and it makes ...
The print is terrible. The characters are not clear and it makes it hard to read. The content however is excellent.