Archive for the ‘Education’ Category

Book Review: The Official EnCE: EnCase Study Guide by Steve Bunting

The Official EnCE: EnCase Certified Examiner Study Guide by Steve Bunting is a well-written and informative text with the goal of preparing a computer forensic examiner for Guidance Software’s EnCE certification. The book’s author, Steve Bunting, writes that the book will give you more knowledge than you need to pass the exam, rather than merely covering the basics to pass the certification process. Before you read any further, a quick disclaimer: I am not EnCE certified and thus cannot truly testify to the preparedness that reading this book provides.

I do believe this book provides solid information and will help someone new to EnCase get a better understanding of the program, its capabilities, and the process EnCase takes to retrieve the data. As a forensic analyst without much EnCase training, I know how to perform some key functions, such as using the Case Processor to perform LNK file analysis, how to mount a file to view the file structure, etc. However, I knew EnCase was a powerful program and that there was much for me to learn about this wonderful piece of software. This EnCE study guide by Steve Bunting is great for fellow examiners similar to myself, looking to further their knowledge of EnCase. I wanted to learn about EnCase, how to use it, and understand what this application is truly capable of. This book is great for that purpose, but not entirely great at the other goals the text sets out to accomplish.

The Review
Before you start out to read this book, you’ll need to ask yourself a few questions:
What are you looking to get out of this book: an EnCE certification, or knowledge of how EnCase does what it does?
How well do you know EnCase?
Are you hoping to learn more about the forensic process than the capabilities and how to use EnCase?

Book Review: Virtualization and Forensics by Dianne Barrett and Gregory Kipper

Virtualization and Forensics: A Digital Forensic Investigator’s Guide to Virtual Environments by Dianne Barrett and Gregory Kipper is a book packed with information. Unlike my last Syngress book review on Digital Triage Forensics by Stephen Pearson, this book is entirely relevant to computer forensic analysts and I vaguely recommend it.

In the field of digital forensics, there are some books that you have on your shelf and hope to reread every year (File System and Forensic Analysis by Brian Carrier), and there are books you keep for reference. Virtualization and Forensics is packed with information about virtual machines, the environments they run in, the vendors making the applications, and how they apply to forensic investigations, but it’s more of a reference book as it provides artifacts of virtual machines and evidence that one was run.

Virtualization and Forensics (VAF) covers the details of many virtualization applications, including VMware Workstation (and Fusion for Macs), Parallels, Microsoft Virtual PC, MojoPac, MokaFive, and probably some others I had never heard of. VAF covers the artifacts left behind for each of these program installations, as well as their server versions. At this point you may be asking yourself, “If it’s such a great book, why did he put ‘vaguely’ in the recommendation sentence?” That’s a good question!

VAF leaves out some critical information that I fault it for not including because of its title. This book is short for something covering such a massive (and popular) topic; virtualization was identified as the #1 Strategic Technology for 2009 by Gartner, the IT industry’s largest and most-strategic conference. The title of VAF includes “Investigator’s Guide”, but I have to disagree, as there is just a surface being scratched here. The authors ran some tests and provided us the results of those tests, but didn’t offer any more thought than that. The authors have a thorough understanding of virtualization and appear involved in researching the topic, as they know all the white papers and research to reference.

Book Review: Digital Triage Forensics by Stephen Pearson

The Syngress book Digital Triage Forensics: Processing the Digital Crime Scene by Stephen Pearson and Richard Watson is an interesting book that will most likely not be helpful to many people. What I mean by this is that Digital Triage Forensics (DTF) is about responding to a battlefield scene and preserving the evidence, while getting valuable intel as quickly as possible. Performing exams on the battlefield isn’t something you’re going to do unless you want to get shot by a sniper, mortared, etc., so the standard Computer Forensic Field Triage Process Model (CFFTPM) is not the best choice, which is why DTF has been developed.

Chapter 4, Using the DTF Model to Process Digital Media, has some nice information in it for someone looking for introductory material to the computer forensics field. DTF explains the differences between physical and logical drives with a library analogy, the hardware needed to conduct an exam, and some software available for use to help throughout the exam. The material is delivered in an easy-to-understand manner, but again, it’s basic.

Chapter 5, Using the DTF Model to Collect and Process Cell Phones and SIM Cards, was a decent chapter on cell phone collections, but again, no groundbreaking research here. There are some tools covered that are certainly worthy of being mentioned, such as the HTCI Isolation Chamber. However, there is not much presented here that is not covered in the introduction-level books to mobile forensics.

Book Review: Computer Forensics: Principles and Practices

Purchasing Computer Forensics: Principles and Practices was one of my first purchases for grad school. The Computer Forensics I course had this book as a recommended textbook. Being ambitious, I bought the book (along with three others). Turns out, I did not need the text to do well in the course; it was mainly just for extra reading. Well, I bought the book, which was the most expensive of the four, and decided I had better read this so the money doesn’t go to waste.

Computer Forensics: Principles and Practices (CFP&P) by Linda Volonino, Reynaldo Anzaldua, and Jana Godwin provides a nice introduction to topics and terminology that may be new to people lacking experience in digital forensics. However, as CFP&P’s name suggests, this is just principles for the topics, and nothing is covered in depth; much of the information is very basic. If there is a topic that the reader may not understand, there are nice FYI sections providing a short story of how the information was used in a court case or applied in the field.

CFP&P was published in 2006 and, to show how much the computer forensic field is growing, some of the information presented is already outdated. One example would be that EIDE and SCSI drives are no longer the main hard drives in use and SATA is not a technology of the future; SATA is widely used today. The book also has a generously large section on PDAs, which are hardly used today with the advent of smartphones.

A Fun Way to Learn JavaScript

JavaScript is a very useful skill to have in your toolkit. JavaScript can be used to execute simple attacks with big payloads. It is my belief that understanding what tricks an attacker may use is a great way to strategize your defense. If you understand how JavaScript can be used for attacking, you can utilize that knowledge to prevent future attacks.

I came across a fun website today that has a goal of making “it easy for everyone to love and learn how to program.” The website, Codecademy, currently has lessons available for learning JavaScript, but is looking to add more in the future. Currently, the website has eight lessons which teach you the basics: how to set up alerts and confirmations, how to use constants, count the length of a string, use loops, and much more.

Codecademy has achievements and points that you can earn as you progress through lessons. They also allow you to monitor your progress towards completing individual lessons and the percentage of all lessons completed by the user. Codecademy approaches these lessons with a fun, interactive, and encouraging demeanor that makes the user want to continue progressing until they have completed all the lessons. You can share the progress you’ve made, which makes it fun to compete with friends as you learn JavaScript.