Information Security

Defending the digital infrastructure



Secure Reads: Real Digital Forensics

Read a review of the security book Real Digital Forensics.

Real Digital Forensics
By Keith J. Jones, Richard Bejtlich, Curtis W. Rose
Addison-Wesley, 650 pages, $49.99

If you watch even a little television, you know that forensics is a hip, sexy field. Real digital forensic investigations, however, are neither hip nor sexy; they are complicated and demanding, and there is no substitute for experience, which is difficult to come by. Enter Real Digital Forensics, a fantastic book/DVD combo that shows you how to investigate a set of real-world cases under the guidance of its experienced authors.

Real Digital Forensics' hands-on focus makes it stand out. With five cases illustrating forensics techniques, the authors lead you through the investigative process, asking questions and then applying forensic processes to provide the answers. In addition to commercial products like EnCase and FTK, they also highlight many open-source tools such as libPST for e-mail recovery. The DVD includes copies of case data and most of the free software so readers can follow along.

Digital investigators must be familiar with a variety of data sources, and Real Digital Forensics doesn't skimp. The book covers standard hard drive forensics, the analysis of running systems, network forensics, Web browser session reconstruction and e-mail discovery. The authors give step-by-step examples of acquiring and analyzing data from USB keys and PDAs, which are common in the field but ignored by most other forensics books. The book manages to cover most of the important points; however, some emerging technologies, like cell phones, are ignored.

After the reader finishes the book and starts to apply what he's learned, however, some confusion can set in. The relevant examples are spread throughout the book, and there is no single reference that lists the required equipment and software. An appendix with such a checklist would be a welcome addition to future editions.

Another slight problem is one of scope: Real Digital Forensics is essentially a survey of topics, not an exhaustive reference work. While the techniques presented are clearly described and forensically sound, serious investigators will require more detail. The emphasis is on practical techniques; theory is often omitted. For example, forensic analysts should be conversant with the on-disk details of standard file systems like NTFS or ext2/3, but this information is absent.

Despite these minor flaws, Real Digital Forensics provides an excellent introduction to the forensic techniques used in corporations and courtrooms worldwide. If you're a beginner in the field, or if you want to expand your existing skill set, the book offers valuable expertise and hands-on experience that might otherwise not be easily available.

--David Bianco

Top Shelf
Visit the Information Security Bookshelf for chapter downloads from these books and more.

Counter Hack Reloaded
By Ed Skoudis and Tom Liston
Prentice Hall

Intrusion Prevention Fundamentals
By Earl Carter and Jonathan Hogue
Cisco Press

The Definitive Guide to Security Inside the Perimeter
By Rebecca Herold

The TCP/IP Guide
By Charles M. Kozierok
No Starch Press

Sarbanes-Oxley IT Compliance Using COBIT and Open Source Tools
By Christian Lahti, Roderick Peterson, Steve Lanza


"[The Art of Deception] is the Bible on social engineering--and how to combat it--from the master of all social engineers, Kevin Mitnick. Anyone overseeing information security in a large organization will lose sleep when they realize how vulnerable they really are."
--Joel Dubin, CISSP, independent security consultant and the author of The Little Black Book of Computer Security.


This was last published in February 2006




Please suggest some benchmarked digital forensics tools. I mean tools for e-mail recovery, hard disk imaging or cloning, CDR analysis, etc.
Reply awaited.

Thanks and regards
