Bitcoin Forensics - The book

crypto

The table of contents is done!  Or at least the tentative table of contents is done.

You'd figure that a table of contents would be the easiest thing to write for a nonfiction book, but not only is it not the easiest, but it changes as you write.  I've learned that a good plan for a table of contents helps keep the book focused, but I also learned that as you research, you either add or subtract to the original plan.  Some of the book has been started as well, but the table of contents is what I want to get out for a few reasons.  One, build your interest in cryptocurrency investigations and get you excited about the book, (2) get input if you have it on what you would like to see in the book, and (3) check if you have interest in contributing to the book process.

The tentative table of contents
  • Introduction
    • You should maybe get started learning this sooner than later
    • Eventually, every case where money is involved will involve cryptocurrency
  • Chapter 1 - Money
    • Currency
    • Physical money
    • Virtual money
  • Chapter 2 - Money Laundering
    • Traditional methods (simple to complex) with physical money
    • High tech methods (simple to complex) with virtual money
  • Chapter 3 - The Blockchain
    • It is not just for Bitcoin
    • Blockchain is a big deal
  • Chapter 4 - Wallets, Exchanges, and Transactions
    • How to use cryptocurrency
    • How cryptocurrency changes everything in money laundering investigations
  • Chapter 5 - Anonymity and Cryptocurrency
    • You are not anonymous when using cryptocurrency
    • You are anonymous when using cryptocurrency
    • The Dark Web Markets and Cryptocurrency
  • Chapter 6 - Cryptocurrency Investigations
    • Device forensics (artifacts)
    • Forensic tools
    • Tracking transactions on the Blockchain
    • Seizing wallets
    • Identifying the owner of a cryptocurrency wallet
    • Legal issues
  • Chapter 7 - Case Studies
    • Money laundering related crimes
    • Terrorism
  • Chapter 8
    • Putting it all together
    • Tying suspects to wallets and devices
    • Tying suspects to cryptocurrency transactions
  • Summary
  • Appendix
    • Everything we can put together as resources for you!

We have a general idea of how long each section will be, but won't know until we write it.  So one chapter may be way longer than another simply because there is so much to discuss.  Don't worry about being overwhelmed with cryptocurrency information as this book is for you, the practitioner, the investigator, and the trier of cases.

There is one request (or offer, depending on how you look at it):

Contribute to the book.

If you ever thought of writing a book, or contributing to a book, but wanted to dip your toes in first, this is an opportunity.  I have a handful of crypo cases worked and Tim has more than a bit of research into cryptocurrency investigations.  I already have a few offers of case studies and research that I will be taking people up on; however, if you have interest as a contributor, email me (This email address is being protected from spambots. You need JavaScript enabled to view it.).  Whether you'd like one of your cases featured in a case study, share some things you did in a case, or share some research findings, we are open to all.  That what we use is credited directly to you in a peer-reviewed, tech-edited, professionally published digital forensics book.  

On case studies you may want to use, I am way familiar with police cases, privacy, and legal restrictions on public disemination. I am also aware of public records laws and if you have a case to talk about, I can easily formally receive a copy through public records and be able to talk to you about it without worrying of releasing any information that should not be released.

On research, if you have done some work already, we're glad to incorporate part or whole, as you would like seen in the book.

Our goal is not fame or fortune, but to write the best book on a topic that will be red hot sooner than you think.  But if you want to be famous...get ahold of me. I'll put in you in the book :)

935 Hits

Bitcoin Forensics

Two books in the works.

In between the adventures in life and work, I have been busy with writing.  One, a fiction book, is expected to be in print next year (all on the publisher's schedule).  It’s an exciting book and sure to grab your attention. More on that sometime later.  The second book is another nonfiction forensics book, Bitcoin Forensics 😊.

There were a few topics I wanted to write about for my next forensic book; however, considering the recent cases involving cryptocurrency, Bitcoin Forensics is at the top of the list.  A couple of points on the book before you make an assumption about what the book is or is not:

1. The book is not anti-cryptocurrency.  In fact, this book is pro-cryptocurrency not only as use as a currency, but as an investigative target for investigators when following the money.

2.The book will not be about only Bitcoin.  The book will cover cryptocurrency in totality of all-the-coins, to include the major coins (Bitcoin, Ethereum, etc…) and the Altcoins.

 

Like my other books, it will be written for the practitioner, the investigator, and the court officer with duties of trying cases involving cryptocurrency.  Our goal is to write a book that you can read and put to use on day-one.  Oh yeah, did I say “our”?  I sure did.  Tim Carver is my co-author.   If you know of Professor Carver, then you know that you will be learning all you need with the investigative aspects of cryptocurrency in your cases.  Additionally, we have a few contributors (and on the lookout for more!) that have either conducted extensive research or have conducted successfully cases with cryptocurrency as a money laundering aspect of their cases.

I have one confession to make.   Some time ago (a few years?), Tim asked for my opinion on cryptocurrency and money laundering with criminals.  At the time, I said that I believe it may be years before the common criminal uses cryptocurrency for money laundering simply because of the technology.  “Blockchain technology” is not something that everyday meth dealers may be knowledgeable about.  The other obstacle I thought was that converting physical cash into digital cash is not that easy.  On the other end of the criminal spectrum is the DTO (drug trafficking organization). The amount of physical cash generated alone is enough to prohibit converting into digital cash.  I just didn't see cryptocurrency being a major criminal investigative aspect.

But here comes 2017...  I’ve seen more than a few cases in the news of BILLIONS of dollars being laundered. On top of that, after doing research on cryptocurrency for over a year (talking to Tim generated an interest to test theories in cryptocurrency) and coincidentally getting a case with cryptocurrency being a central target in the case….I think I was mistaken.  Cryptocurrency has come and will eventually be part of every criminal investigation that has any financial aspect.

So, there you have it.  The inspiration of the book came from Tim Carver calling me to ask my opinion, a year of research afterward, a cryptocurrency case to figure out, and finally me asking Tim to co-author a book on it.

If you have conducted a cryptocurrency case or done research into cryptocurrency, and you want to be in the book as a contributor (named or unnamed), This email address is being protected from spambots. You need JavaScript enabled to view it. right away.   If you want to be a bigger part of the book, that is a possibility as well.  Email me and let’s talk.

Until then, expect the book to be in print (or on your mobile device) in 2018.  Cool book topic, and probably one of the most relevant subjects for the years ahead in forensic investigations, both in the criminal case world and private sector engagements.  Don't believe?  No worries.  You will soon enough, just like I did.

 

 

 

762 Hits

Anonymity: Criminals are only as good as their last mistake

I’m big on privacy, even though I know that practically, the only information that is private today is that which (1) only you know and (2) does not exist anywhere outside your head.  Everything else can be had one way or another, by hook or crook.  Most personal information we willingly give away, such as our date of birth when signing up for “free” online services.  Other personal information we are required to give in order to abide by laws, such as applying for a driver’s license.                         


I’m also big on de-anonymizing criminals.   Supporting privacy efforts while at the same supporting de-anonymization efforts is contradictory, but realty. If you have ever been a victim of a crime where the criminal got away with it, you probably feel the same.  Both aspects contradict each other, where I want to have individual privacy but at the same time, I want to be able to de-anonymize someone who is committing crimes facilitated with technology.  What a dilemma...

I tend to focus on de-anonymization of criminals more since we are on a never-ending trend of breaches, hacks, and theft of personal information, let alone crimes against persons using technology. Two of my books were solely focused on the topic.  During presentations on the subject, I have regularly been questioned on “How do I…” in this case or that case from investigators* looking for the magic bullet.  Given just a 15 second brief of an investigation that has been ongoing for months, my typical answer is – the answer is there, you just have to find it. 

Secret Tip: there is no magic bullet until there is one.

The magic bullet in almost every case is a mistake made by the suspect.  An oversight.  An error.  A bad decision.  Or just plain ignorance.  All on the part of the suspect.  But a mistake by itself is not enough to crack a case.  You, the investigator or the analyst, need to catch that mistake.  You have to look for it constantly.  You have to expect to find where the suspect made the error because if you don’t have the intention to find the criminal’s mistakes, you will not find them.  That is when you find the magic bullet to solve your case, by looking for it and not hoping it drops in your lap.

When you do find the break in an analysis or investigation, everything becomes clear and appears to be such an easy thing that you wonder why you didn’t think of it before.  The fact is, finding the errors is not always simple or easy.  The little mistakes are usually hidden in tons of data and easily overlooked.  Sometimes the answer is plain view and no one sees it. Even when you find the suspect’s mistake, if you do not recognize it for what it is, you will quickly pass it and keep looking without realizing you could have solved your case a few minutes prior.

The steps in finding these mistakes made suspects are:

If you don’t have #1 above, then #2 and #3 won’t matter since you won’t be able to identify the evidence or clues you need.  The first things I do in any case is determine the goal or goals. Sometimes the goal is either dictated by someone else or it is obvious.  If the goal is not dictated or obvious, you have to identify the goal or again, step #1 is useless which renders #2 and #3 just as useless.

When you work with these 3 steps, the 6-Ws naturally come up in the case (the 6-Ws: who, what, when, where, how, why).  You need the above 3 steps as your foundation to actually work a case in order to get to the 6 Ws.  Focus on the 3 and the world is yours.  A tip: not everyone does this.  Many many examiners/investigators/analysts simply collect data without reason other than to collect data with the hope the case solves itself.  Don't be that person.

When I was a new investigator, it seemed that every case I received was like Groundhog Day.  No case was like the last, no evidence was consistent among the cases, and the goals were sporadic (other than “find the bad guy”).  Basically, every day I was starting over as new in each assigned case. In time, I learned a few things from experienced investigators, other things I learned the hard way.   In more than one case, I would be given a hint or a tip that would put me on a path to close a case.  A question as simple as, “Did you try this?” or “Did you look here?” was all I needed to plow ahead.  Sometimes, i would figure out an easy way or more effective means of gathering information and intelligence.  Many training courses focus on the technical means, but not the thinking part.  It's nice to know how to recover deleted event logs, but why? If you don't know why you should do it, you won't get anything out of it because you won't see the clues.

In cases with electronic media, the process is the same as in any investigation you have, whether it is a criminal or civil case (or even an internal corporate matter).  Define the goal so you know what to look for, know where to look, and figure out how to look for it.  Apply this to every case and incident you have and your case closure rates will be much better with less work.

For example, a case involving an unidentified cyber-criminal who is ‘hiding behind the keyboard’ clearly means that the what is anything that ties directly to the criminal.  The specifics of the what is important. The where depends on what you have to work with.  Perhaps you have an email, or network traffic, or maybe even physical media.  Somewhere in that data is the where and you need to know in what part of that data you should be looking.  The how is maybe the easiest part.  Maybe you need to look at metadata, or reverse engineer a file, or simply recover a deleted file.  That’s the manual labor part.  You need to work the brain part first, otherwise the labor will be for nothing.  

Recent cases in the news have shown that this method of investigation works on the most difficult of cases.  I must stress that when you see that a major case was solved by the simple piece of evidence of identifying an email address, that this is not so simple.  Every case has at least one error that was made by the suspect, and to discount looking for that mistake is a mistake on your part.

Any case where the article states that, “Oh, the case was easily solved because the suspect forget his email was in the code” seriously discounts the effort of the investigator who took the time to know what to look for, where to look for it, and how to look for it.  Cold cases are solved the very same way.

It’s not the size of the dog in the fight, but the size of the fight in the dog.

This is what I have been teaching for almost 20 years now.  I believe that anyone from any place in any job with any education level can be a superb investigator.   I have met young investigators from small towns who can run circles around someone with 10 times their experience and education in the largest agencies because they apply the foundation principles of what it takes to solve a case.  Once they learn the how of digital forensics, they are just as effective in the digital world as if they were working a street corner robbery.  It’s not a diploma, or a certificate, or a coin in your pocket that makes you good.  You make yourself good.  If you happen to collect some tokens along the way, add them to a shadow box, but bragging about having certs has no weight if you can't work a case.

Another benefit of getting the investigative skills down is that you can apply it to other areas and other types of cases.  If you have the desire and can finesse the skill, you can run with the big dogs in working any type of case.  I truly mean that in every sense.  My first investigator duties, after being a patrol officer, was a narcotics detective.  I used the skills learned in narcs to solve murders, uncover and disrupt organized crime groups, identify terrorists, and work all types of crimes involving technology.   

Be prepared that when you start solving cases by finding the “easy” things, that those around you will call you names, like lucky or you only solved the case because of a suspect's mistake. Just smile and carry on.  After enough cases, you won’t be called lucky anymore; you will be called good and that is the goal: be good at what you do. 

 

* I use the term “investigator” to apply to anyone who has the job to find information, curate into intelligence, on which assumptions, conclusions, and judgments can be made.  That means a police detective, federal agent, incident responder, or forensic examiner.

 

 

 

 

502 Hits

Placing the Suspect Behind the Keyboard online course

My newest course is out and it is the best course you will find on the topic.  More than 12 hours of investigative methods and effective techniques to build a case against criminals who use technology to commit crimes.  

  • Learn the methods to track criminals online and in the real world
  • Learn the tricks of the trade (tradecraft) of covert communications and breaking those communications
  • Learn how to build a case that would not have been closed without this course
  • Learn the one thingI that will give you the tools to become not only a great forensicator, but someone that can place a suspect behind the keyboard

Placing the Suspect Behind the Keyboard was the first digital forensics book focusing on building a good case on criminals who use technology to commit crimes. This also the first course teaching that specific topic.  My intention with this online course is to put you into the mindset of someone working toward identifying the suspect, gathering evidence on the suspect, and proving allegations against your suspect; in effect, placing the suspect behind the keyboard.


If your career has been like mine, most cases are fairly straightforward. Perhaps a suspect was already identified and most of the evidence already seized.  In many cases, whether it is a criminal arrest or being hired as a private consultant, generally, you start with all you need to begin examining the media.  But if your career is like mine, there have been a few cases where that is simply not the case.  This course is not only for the easy cases, but especially for the tough ones.Holistically, this course covers everything you need, whether working in the private or public sector.  Investigative techniques are discussed for both sectors as many methods can be used in both case types.  A few sections are LE-only simply because citizens cannot wiretap other citizens (as an example), however, you can see the differences between a method used by law enforcement and the private sector.  Practically speaking however, the actual methods are the same.  A forensic analysis of a flash drive in a criminal case is not different than in a civil case, nor are the methods to tie a person to a device different.

This course is not just for the average case, but developed especially to address the difficult cases.

Cases where the suspect has not been identified.  Cases where the electronic evidence has not been seized.  Cases where there are many suspects.  Cases where the evidence linking the suspect to the device or crime is weak at best.  For those cases, you need to take extra measures, think out of the box, and use everything at your disposal.  You have to work at putting the suspect behind the keyboard, because if you don’t, it won’t happen. 

Don’t let your case go to the cold-case files.  Solve it!  This course shows you how to do it.  The books detail even more on how to put cases together, especially the really difficult cases where you have little to go.  As for incident response cases (breaches), this is not a course on mitigating a breach, or tracking hackers in cyberspace.  Although, many of the methods will work for just that.   Incident Response can benefit greatly for the sake of sometimes the suspect in a breach must be caught for a variety of reasons.  This course and books brings it to you.

The Placing the Suspect Behind the Keyboard online course uses the same material as the 2-day workshop with the biggest difference being not working actual cases in class.  As a side note, in a previous class, a suicide case was reopened as a potential homicide case based on course methods in the class!  The methods are proven to work.

FAQ:

Is there a discount for a bulk order?

With 50%, two free books, and free access to the X-Ways Forensics Practitioner's Guide course, there are no bulk discounts.

My agency/company will take a week or two to get approval to pay.  Can the discount be extended?

Send me an email at This email address is being protected from spambots. You need JavaScript enabled to view it. and let me know.  I can extend to get approval, but not for too long.

Will there be another promotion after this one?

Most probably, but it won't be (1) 50% off, and (2) may not include the two books, and (3) most likely won't include access to the X-Ways Forensics Practitioner's Guide course.  This is the best time to get both courses and both books at this price.

1340 Hits

Forensic 4:cast awards.... VOTE FOR MY BOOK!! (pretty please)

Forensic 4:cast awards.... VOTE FOR MY BOOK!! (pretty please)

I am humbled again as my book,.Hiding Behind the Keyboard, has been nominated for the Forensic 4:cast Digital Forensic Book of the Year.  It would be my honor if you would vote for the book. 

The two competing books are also great books, but this one is mine ?

I wrote this book primarily as a follow up to my first book, Placing the Suspect Behind the Keyboard, by adding more topics and material.  John Bair of Tacoma Police Department, helped immensely with the mobile forensic material for which he is an amazing expert.

For both Placing the Suspect Behind the Keyboard and Hiding Behind the Keyboard, the intention is to put the reader into the mindset of a detective in order to close a case.  “Closing a case” means to thoroughly

  • investigate (both in the physical world and the digital world)
  • find and evaluate evidence
  • put together inferences
  • draw reasonable suspicions and conclusions
  • eliminate potential suspects
  • identify the real criminals, and
  • build such a great case that the defense chokes on the evidence

In short, the books are intended to show how an investigator can make a case and close it.  In both books, I have practically littered the pages with tips and tricks of the trade gained from personal experience and the experiences of the fantastic investigators I have been paired up with, from small state task forces to many federal task forces. Most of what I learned, I learned the hard way, fought through it, and kept improving on each investigation.  These books give the good stuff up front, the time saving tips spread throughout, and no nonsense in how to physically do the job.  If you work cases, I wrote the book for you.

If you investigate crimes (including civil matters, like corporate issues), you will find more than enough nuggets of gold to make your cases easier and more solid.  That was the intent of what I wrote, for you to close cases and put the criminal behind bars.

By the way, if you don't do real investigations, but write about them in fiction work...you'll find some pretty neat information on the way cyber (forensic) investigations work on the street.

Be sure to vote before May 31, 2017.  I would be grateful for your time to cast your vote and again, humbled even at the nominiation.  Note...you don't have to have bought the book to vote for it.   If you agree with the purpose of the book, your vote is most welcome.  You even can leave the entire voting selections empty except for the one best book category and just vote for my book. That would make me happy :) 

Tags:
579 Hits

The 2 Fastest and Least Expensive Ways to Learn X-Ways Forensics

***4/18/2017***

***UPDATE ON THE PROMO***

This is all you need to know: The X-Ways Forensics Practitioner's Guide online course is still available at only $119 instead of the regular tuition of $599 until April 19.

If you missed the promo for 80% with a FREE copy of the X-Ways Forensics Practitioner's Guide book, you still have time to get 80% off the online course without a free copy of the book.  This is still a great deal off the 12-hour, $599 course at only $119.  There will never be a discount this steep again for this course, so get it while you can, because the time to register is running out.

 

   

XWF Practitioner's Guide Promo Countdown! Wednesday, April 19, 2017 11:59 PM 154 Days XWF Practitioner's Guide Promo Countdown!

 

-------------------------------------------------

My advice to X-Ways Forensics users is to stop thinking you can figure it out by yourself, even if you have been using X-Ways Forensics for any length of time.  There are simply far too many nuances and hidden features that you are missing every time you try to figure it out or use on cases.  If you really want to get down and dirty to learn X-Ways Forensics fast and cheap, here is the ONLY way to do it.

  1. Buy the book (list price is $59.95)
  2. Take the online class (regular price is $599.00)

But, wouldn't you rather want to learn how to use X-Ways Forensics saving even more money?  If so, you want to sign up right now because right now is the biggest discount for the course while getting the most swag! Get up to 80% off the price PLUS a FREE copy of the book and if you act fast enough, be invited to even more FREE trainingFree book offer has expired.

If you register within the next 7 days (April 19), you can get the X-Ways Forensics Practitioner’s Guide online course at 50% off for only $299.  80% off for only $119.

**UPDATE  4/16/2017**

The promo is almost over for the free book...  

 

If you do not receive your 80% promo link via Twitter DM, email at This email address is being protected from spambots. You need JavaScript enabled to view it. and I'll email it to you.

How about even more!  The first 20 registrations will be invited to a live, 2-hr online X-Ways Forensics course with me to demonstrate using X-Ways Forensics as a triage tool and for electronic discovery (this includes using the latest build of the Windows Forensic Environment – WinFE).  These first 25 registations still receive over 12 hours of the online X-Ways Forensics Practitioner's course and a FREE COPY of the book!   The first 20 just filled up the live course, but the promo for up to 80% plus a FREE book is still good.

The course has never been discounted this deep, so this is the best time to take advantage of learning to how you can exploit X-Ways Forensics to its fullest potential, learning from your computer, on your own time, at the lowest price.  

Since 2014, more than 2,000 students have registered and taken my online courses with 24/7 access.  

“It has helped shed lights on things I have missed in the past.”  -student

“I got to say I’m enjoying the videos.” – student

Don't miss the boat!  80% off 12 hours of X-Ways Forensics Practitioner's Guide training plus a FREE COPY of the X-Ways Forensics Practitioner's Guide.  ONLY $119 for the regular $599 tuition with a free copy of the book!

http://bit.ly/xwfpromo80 expired

 

*For outside the USA, only a Kindle version is available as part of this promotion.  Registrations within the USA can choose between print or Kindle.

1806 Hits

FREEZE! Busted by the Fridge. The ways that tech influences writing fiction, making movies, and busting criminals.

One interesting investigation I had was that of a murder-for-hire in one city that the suspect used a Google search to find the victim’s home address in another city.  Simple enough crime to plan.  Google the name, find the address, do the hit.  Except in this particular case, although the suspect Googled the correct name, there were two people with the same name in the same city and he picked the wrong one.  I called this case my “Sarah Connor” case.

Fortunately, we intercepted the hit before it happened and prevented a random murder on the wrong person (as well as preventing the murder of the ‘right’ person).  In a basic sense, the suspect used the technology of one of the most advanced computer systems in the world (Google….) to attempt a murder only to choose the wrong name in a Google search hit.  This type of criminal incompetence and carelessness is commonplace.  It is also the way that most get caught. 

On the other end of the spectrum, we have Hollywood’s version of high tech crime fighting.  Minority Report with Tom Cruise showed us that not only can crimes be solved with technology, but that crimes can also be prevented with technology.  As for the technology used in the movie, it could have only been more accurate had a predictive analysis computer system been used in place of the fortune-telling humans (“Precogs”) in a big bathtub.

In a turn-key surveillance system, no person is anonymous.  Whether it is a private business or government agency, no one is immune from potentially being watched, tracked, or reported.  Private businesses use facial recognition for both improving customer service by detecting your mood through facial expressions as well as preventing crime.

“…faces of individuals caught on camera are converted into a biometric template and cross-referenced with a database for a possible match with past shoplifters or known criminals.” https://www.theguardian.com/cities/2016/mar/03/revealed-facial-recognition-software-infiltrating-cities-saks-toronto  

Criminals who try to avoid using technology are severely limited on the type of crimes they can commit.  That’s a good thing.  A drug dealer without a cell phone is like a taxi cab driver without a taxi.  It is part of the business and can be tracked, traced, monitored, intercepted, and forensically examined.  Technology is a natural and required part of any criminal’s operations.  Criminals not using technology are ineffective as criminals, for the most part.

Criminals who try to avoid surveillance technology in public, such as license plate readers and facial recognition are also extremely limited in the crimes they can commit since they would have to remain in their homes to commit crimes outside of public surveillance methods.  Even then, committing a crime in a home is not without the risk of being monitored, either by a government agency, a private corporation, or an electronic device plugged into an outlet.  If you own a Vizio television, consider yourself tracked, hacked, and sold to the highest bidder. http://www.theverge.com/2017/2/7/14527360/vizio-smart-tv-tracking-settlement-disable-settings

From Amazon’s Echo to an Internet-connected fridge, data is collected as it happens, and stored either locally on the device or on a remote server (or both).  Depending on how ‘smart’ a home is, every drop of water usage can be tracked, every door opening logged, and every person entering and leaving the home gets recorded.  This does not even include cell phone use that is tracked within the home by providers.  And the computer use!  The things we do on the computer leave traces not only on the hard drive, but also on the servers we touch with every www typed.  Criminals in their home are no more protected from being discovered than on the street.  This is a good thing.

As to the significance of some of these high tech smart home devices, consider that water usage can give inferences as to what was done in a home, such as cleaning up a crime scene…

 

https://arstechnica.com/tech-policy/2016/12/police-ask-alexa-did-you-witness-a-murder/ 

During all the years of being a detective, I did trash runs.  Lots and lots of trash runs.  I hated the trash runs until I found good evidence.  Garbage smells really bad, especially during the summer.  Digging through garbage bags in a dumpster in the middle of a hot day can make the toughest person gag or puke.  But you can get some really good information on the criminals you seek. Did I mention it can smell really bad?

That is one of the reasons I really enjoyed moving into digital forensics.  Digging through the garbage of data on a hard drive is a lot easier on the nose than digging through a dumpster.  Plus, the information you get is sometimes a lot better than what you can find in a garbage can.  There are exceptions…you won’t find the murder weapon in a folder on the C:/ drive of a hard drive unless the murder weapon was a computer program. 

You would think that with the amount of technology available and already in place that police would be able to uncover more crimes, find more criminals, and be more effective.  When a smart home can email the home owner a photo of someone ringing the doorbell, newer cars come with pre-installed GPS tracking systems, and a fridge can record a live stream of residents in the kitchen, the ease of finding evidence should be easier…right?

Not quite.

That brings us to the biggest hurdle to crime fighting: incompetency and laziness.  Government agencies are not immune to the same human fallacies found elsewhere. There are hard workers in government just as there are hard workers in the private sector.  Same holds true for laziness and incompetence, which criminals take advantage.

In any case where electronic devices are not being seized for examination, evidence is intentionally being left behind.  I am not referring to the electronic devices that are difficult to find, like a camouflaged USB device hidden within a teddy bear. I’m talking about the cell phone sitting on the car seat of the suspect arrested for burglary.  Yes. I’ve seen it happen.  Part of the reason is that unless lead is flying, most criminal cases and dispatched calls are boring to the responding officer.  As an example, with a residential burglary, the suspect is usually gone and the victim is lucky if the officer even tries to recover prints from the scene.  Stolen car?  Oh well. Fill out the report and call your insurance company.

I have been out of police work for about 10 years and I had hoped this lack of urgency in police work has changed.  But apparently not.  I recently helped someone with their stolen purse from a gym.  I got the call first instead of 911, but that’s another story.  Anyway, I showed up to give some guidance and eventually the district officers arrived.  Even after being told that video cameras faced the parking lot, and that the suspect/s went inside another victim’s car, the officers said, “The cameras probably didn’t get it”. The manager of the gym even offered up the video and said the cameras face the victim’s car... but the officers they left without even asking to see the video.  After telling the officers that the suspect/s just used the stolen credit cards in a store less than 5 miles away and that the store surely must have cameras, one of the officers said, “We can’t get much from a store’s security cameras.  You just need to call your bank to cancel your cards.” End result: File a report.  Call the banks. Get a replacement driver’s license.  Yes.  This still happens.  And criminals thrive on it.

The irony with a lack of seizing electronic evidence is that for most of the forensic examiners in law enforcement, they love to dig and dig and dig and dig through data to find the smoking gun.  It is the lifeblood of what they do.  If only the devices were seized and given to them.  Case in point:  I was called to exam a laptop of a missing teenager, six months after she was reported missing.   The detective simply did not put any reliance on a laptop, in which the teenager was religiously using for social media, as a source of important evidence.  The teen’s body was later found buried less than 5 miles from the police department where this detective drank coffee at his desk, with the laptop sitting downstairs in evidence for months.  I would have loved to examine that laptop ON THE SAME DAY the teen was reported missing.  It was virtually useless by the time I got it.

Seeing that tech should make it easier for police work, it should make it easier for writers of fiction.  It doesn’t.  I read (and write) a lot.  Technology can ruin good fiction.  No longer can a fictional criminal live his or her life under the radar.   Even the good guys can’t avoid ‘the radar’.   The Jack Reacher series should have been set in the 80s, because there is no way that Jack Reacher can roam the country without ever ringing some bells in surveillance tracking technology and live only with the technology of a single ATM card.  I was lucky that my undercover work was before the Internet really took off.  Backstopping an ID today requires way more than it did when I was undercover.

Writing fiction set in today requires knowing technology, because any scene that should have technology but doesn’t simply makes that scene unbelievable.  Same with Hollywood. Seriously.  It gets harder and harder to watch a movie that intends to be realistic without realistically using technology.   Show me a movie where no one is texting anywhere in a scene and I’ll show you a movie where technology is selectively ignored for the sake of simplicity at the cost of plausibility.

I can hear it now.  Police work is hard.  It’s not easy to get search warrants.  Not every department has a forensic unit.  We are too busy to solve crimes.  We are short-staffed. We don’t get enough training.  Blah blah blah.  I’ve heard it before and proved it can be done time and time again.  I have always believed that 10% of law enforcement do 90% of the work while 90% of law enforcement try to pawn off the remaining 10% of the work (while fighting over taking credit for it).  If just another 10% of law enforcement suddenly got a sense of urgency to require high tech investigations be a part of every crime scene, we’d reduce crime stats in half and solve twice as many crimes.

Now if only I can find a book or movie that doesn’t pretend technology doesn’t exist..

 

901 Hits

Reminder for the last discount for the X-Ways Forensics Practitioner’s Guide Online and On demand course.

If you were thinking of doing it, this is the best time since the $599 online course will only be at a discount of 60% for less than two weeks (until Dec 31, 2016) for only $235.  PLUS, registering before December 31, 2016 gets you a print copy of the book, the X-Ways Forensics Practitioner’s Guide shipped to you. Unfortunately, the book is only included for US/Canada registrants since shipping a book outside the USA or Canada costs more than the book.  Shipping to some countries costs more than the entire X-Ways online course costs.  I’m happy to ship a copy, but the shipping fees must be added.  Best bet is to order a book online that delivers locally without extreme duty fees.

Register with the 60% discount using this URL: 

Just a few notes on the online XWF course based on emails I have received:

Time limit:  You have a year to view the course as often as you want.

Software: Not included.  You don’t need it for the course, but I think you’ll want to have a license.  If you want to know how XWF compares to other tools, you can get 12 hours of instruction showing how it works and much of what it can do.  Once you start using XWF, you’ll begin to see that it can do a lot more than what the manual or any course can teach. 

About forensics: The online course doesn’t teach forensics, except to demonstrate features of XWF.  Don't expect to learn 'what is the registry' in this course.  It's all about X-Ways Forensics, to get you up and running right away.

Competence: If you go through this course (and you have a foundation of digital forensics knowledge), you’ll have enough knowledge to use XWF on a real case.

Students: If your school uses XWF, you’ll be much better off learning XWF online away from class to get the full benefit of using XWF.   School programs can only teach so much with software in courses where they must teach everything.

The book:  Through Dec 31, 2016 the X-Ways Forensics Practitioner’s Guide book (print copy) is included with your tuition (USA/Canada shipping only).   There is no other book on X-Ways Forensics available.  The next edition may not be for another year or two.  Get your copy as part of the course.  The cost savings of a book + 12 hours of X-Ways Forensics training at $235 is the best deal you can find anywhere.

Course updates: The course may be updated throughout the year when XWF has enough smaller updates to add up to a new course or updated lessons.  You get that as part of your registration.  Revisit the course throughout the year, anytime you want, from anywhere online.

XWF as a primary or other forensic tool:  If you currently use or plan to use XWF in your work, get some training.  Either this course or a course from X-Ways AG, or somewhere.  XWF is not a tool for self-learning when you need it for casework tomorrow.  Especially for a primary tool, get some training.  This course gives you the information to use it either as your primary tool or secondary tool.

If you have any questions, hit me up J

This email address is being protected from spambots. You need JavaScript enabled to view it.

 

1915 Hits

Brett's opinion on writing a DFIR book

Brett's opinion on writing a DFIR book

Let me disclaim a bit.  I don’t know everything about writing or publishing.  All I know is what I have done.  With that, I have been asked about writing books (computer/digital forensics topics) over the past few years.  Let me give my experience to anyone considering writing a forensic book.

To start, I have written three books so far, meaning that I am writing more.  Two of the three published books have had co-authors.

I’ll go through some of the questions I have been asked already.  First off, I have been flattered and humbled each time someone asks for my opinion on writing books, and each time I have answered questions about the process, I have realized that I could have done things differently or better.  Not everyone asked the exact same questions, but they are very similar.

What made you decide to publish a book?

I considered any person who wrote a book to be an ultimate expert in their field and did not feel I was at any level of credibility to write.  But, I asked someone I respected in the field who had written several books already and he said, “DO IT!”.    I’ll leave out the name of who convinced me to go for it, but suffice to say that I took his advice seriously. 

Unfortunately, all I asked was, “Should I write a book?” and didn’t ask anything about the process.  That was Mistake #1.

How did you come up with a topic to write about?

This was easy.  I thought of a book topic that I wanted to read about; a book that I would buy right then if it were on Amazon.  Of course, if the topic was already written and in print, I would not have written a book on the same thing as I just would have bought it. 

I thought about the topic of my first book (Placing the Suspect Behind the Keyboard) when I was a narcotics detective, years before I got into digital forensics.  The reason came about due to drug cases where I had a ton of cases where providing drug possession was difficult due to each incident (multiple persons in a car and a bag of cocaine under one seat, third party owner of a car, etc…).  Getting into forensics later in my police career, I came across the same issues in proving who was behind the keyboard in child exploitation cases and so forth.  So, that topic was in the making for about a decade.

My second book (X-Ways Forensics Practitioner's Guide) was written out of personal necessity. I wanted a book on how to use the forensic tool I use everyday.  I have never appreciated the X-Ways Forensics manual.  I find it hard to read, difficult to find the information I need, and would prefer something tell me exactly how to use X-Ways Forensics.  I had written a few things about X-Ways and posted online but figured a book on X-Ways Forensics would be best.  The manual does what it is intended to do: give information 'about' X-Ways Forensics, but not tell 'how' to use X-Ways Forensics.

My latest book, Hiding Behind the Keyboard, was written mainly as a follow up to my first book in order to add some updated information including some related mobile forensics information.  Both Placing the Suspect Behind the Keyboard and Hiding Behind the Keyboard complement each other and I wrote both to be long lasting with concepts that can be used with evolving technology.

Which publisher should I go with?

For me, I choose Syngress.  I have a lot of Syngress books and always check for latest releases from Syngress. There are a few other publishers that print digital forensics topics, but I just like the Syngress titles and formats.  I did not consider other publishers but should have (Mistake #2) as it makes better sense to know what other publishers offer instead of just one.

I suggest go with whichever publisher publishes books that you like and would like to write in the same manner.  What I mean by this is, some publishers have strict guidelines on how you write and what your write.  If you go with a publisher that wants your book to be a college textbook, be prepared to forego a lot of your creativity.  You may have to write at a 10th grade reading level, segregate the book into sections that can fit into a college course year or semester, plus other requirements that will make your book into a textbook.

For me, Syngress is different.  I have found that the author has so much leeway in writing that the book can be written to fit practitioners’ needs.  I enjoy forensic books that get right to the point with the author giving ‘war stories’ of how the techniques worked in real life.  I also like that Syngress books seem to speak directly to you, examiner to examiner, and not as if you are a student following a syllabus.

So, the answer is go with what fits you, and if they won’t take you, go with someone else.

Did you think about self-publishing?

I get this one a lot.  I did think about it and still do.  In fact, I will be self-publishing a book just to see how well it works.  Since I haven’t done it yet, I can’t recommend it.  What I can say about self-publishing is that you own the work.  That is a major point.  With a publisher, you don’t own the work; the publisher owns it.  That means if you want to write a 2nd edition, you can’t unless the publisher approves it.  That might be a major issue if you are writing about your own software or something you ‘own’ or ‘discovered’ on your own.

Publishing through a reputable company gives you many benefits that can outweigh ‘owning your work’.  For example, Syngress has distribution channels set up already.  Their name is heavy.  They handle everything.  Cover design, editing, payments, sales, reprints, marketing, and author support is all covered with a publisher.  That does not mean there isn’t a cost.  The author gets a piece of the pie after everyone else is paid.  That is the price to pay and if you are working cases full time, then it most likely will be a price well paid.  If you want the least amount of hassles, find a publisher.  There are always speed bumps in a book publishing process, but when you are self-publishing, those speed bumps can turn into brick walls if you don't know what you are doing.

Should I write the book first and then find a publisher?

Oh my, don’t do that.  You can if you want.  Several people that asked me had already written most of their book or finished it.  In my opinion, I think it best to have the outline and propose the outline to a publisher.  Most publishers have a form that you can fill in the blanks and submit for a book.  If they like it, you are good to go.  If not, you can try again with a different outline to fit what they believe would be a good book.  Take a look at Syngress as an example of writing and submitting a book proposal.

One thing to think about if you are planning to write first is that you might be too late.  As one example, I had considered writing about a topic, thought about it for a few weeks, put together an outline, thought about it for a few more weeks, and by the time I decided to propose the topic, I found that someone had just said they were going to write the exact same book. I took too long (Mistake #3).  I tossed my outline and learned that it is better to propose a topic as soon as you think about because if you don’t, someone else will.  If you write a book before even letting the world know about it, you risk someone else getting a contract to write the same book when they didn’t do anything other than submit a proposal.   In theory, since your book is complete, you could publish well before the other book comes out, but that is not something I would want to do.

Why did you have a co-author on some books and not another?

Well…on the first book, I had asked a few people to co-author the book with me and was turned down.  Being my first book, those rejections hit kinda hard.  I didn’t ask anyone else for fear of more rejections, so I wrote the book myself and in the end, glad that I did.  I recommend that if you are going to write several books, write at least one by yourself.  It is well worth the experience.

On the X-Ways Forensics Practitioner’s Guide, I took the chance to ask someone to be a co-author because I did not feel that I could cover the software well enough.  I had been using X-Ways Forensics since its first version (over 10 years!) but still felt I may miss something.  On a whim, I asked Eric Zimmerman and he accepted to co-write the book.  Mind you, I never met Eric, and I asked him with an email that we communicating on a separate topic.  Basically, out of the blue, I asked and he accepted.  Much easier than my first book….and of anyone in forensics to help write a book on X-Ways Forensics, Eric is the man.  I lucked out on that one.  As a side note, X-Ways Forensics has gotten a LOT MORE traction as a forensic tool due to the book, which was what I wanted.  The more people that use X-Ways Forensics, the more R&D that goes into it, and the better tool I get in the end J

For the third book, when I talked about writing it, I had several people ask to be a co-author, including some of who turned me down on my first book.  But, I had my mind set on a mobile forensics expert, who happened to be local to me.  John Bair was my first pick and I had to drive down to his office and practically con/vince him to do it, for which I am grateful he accepted.  John is one of those cops who are busy because they work and barely have time for writing a book.  I sincerely appreciated him taking time to help with the book and hopefully set him on a path of writing books in the future.

So, write one by yourself and write others with a co-author.  It just depends if you have enough expertise in a topic to write an entire book yourself, or if you need help to meet deadlines. As far as how to ask someone…just ask.  Send an email.  Call.  Mail a letter. Anything.  Just ask.  Don’t be surprised at what you get when you ask.  Those who turned me down with my first book…I know them personally, some for almost 20 years, but they turned me down.  With Eric and John, I never met either but both agreed.  You just can’t tell who will say yes and who will say no.  I recommend ONLY asking someone you really want to be a co-author.  If you asked someone the B-team because you think someone the A-team will say no, you will get what you get for a co-author. I say, go straight to the A-team.  The worst that can happen is that they say no.

How long does the process take?

I gauge the time from the date of the signed contract to the date of printing.  Anything before that day doesn’t really count.  Thinking about writing and talking about it doesn’t do much until you sign your name to get it down.

Remember that I am only talking about Syngress and my experiences, but generally expect that your book won’t be on a shelf (or Amazon) for about a year.   Most likely, you will be sending in a chapter a month until done.  Then it takes a month or so to edit it (by the publisher to fix grammar and spelling), and then maybe two or three months to print it. 

If you write faster, the book gets printed faster. If you write on time, the book is going to take time to finish.  With a co-author, you can cut the time in half.  Seriously.  You can cut the time in half.  There were several times that I thought Eric Zimmerman didn’t need sleep.  Eric is a machine.  He writes at the speed of light and I think his first drafts were practically final drafts.  John was on spot too.  When you have authors like that, your book is going to be available fast/er.

But no matter what you do, when you publish through a company, there is extra time needed than if you did it yourself.  I am certain that if Eric and I self-published, the book would have hit the stores within 5 months.  If you realize that putting a PDF on the Internet does not compare to publishing a book, you will have patience for the process.

Would you do it again?

Yep.  Doing it again already.

Do you have any suggestions on getting started?

Yep.  Go to a publisher’s website, download the book proposal form, and fill it out right now.  Then share it with trusted peers to get their opinion.  Find a co-author if you need. Then submit your proposal.  Start now because I promise you, someone is thinking about that very same topic right now.

Who pays everyone?

If you self-publish, you do.  You pay everyone.  You pay the co-author, editor, cover designer, printer, etc…

If you go through a publisher, you will have no out-of-pocket expenses, other than what you spend for your book materials (may need to buy and test software, etc…).  Everything else is taken care of by the publisher.  Part of being paid a small piece of the pie is that the finances are not your responsibility. 

How much money can I expect to make?

This is a difficult question, because Harry Potter made JK Rawlings into a billionaire and there are more books that anyone can guess that didn’t make enough to buy a cup of coffee.  The answer, like anything in forensics, is that it depends.  If you write a popular book, it will sell.  For example, the X-Ways Forensics Practitioner’s Guide sold out before the first printing was even started. It went into a second print before the book was even available.  It just all depends.  I will say that if you intend to retire off a digital forensics book, you better write something like “Harry Potter and the Cyber Criminal.”

To get a little closer to an answer, I would say that if you really are thinking about making money with this kind of book, you can make some.  At least enough for a nice vacation every year or maybe buy a new car with one of the checks.  

Any tips on the process?

Plenty. 

Co-authors: You can cut down the process if you have a co-author in a few ways. First off, share the writing and write at the same time.  For example, if you are due one chapter a month, rather than each co-author write their chapter every other month, both can write a chapter every month.  That will cut the process time in half.

Have your co-author review your chapter, and review your co-author’s chapter before submitting them each month. That cuts the tech editor’s time down to almost nothing.  It also cuts the final editing down as well.

Tracking changes: Use a file sharing program to keep track of the chapters.  DO NOT email drafts between authors and your publisher until they are FINAL.  When you email a draft to your co-author, and then you receive a draft from your co-author, then another, then one gets crossed in an email, you will all be confused to which draft is the current draft.  Some changes may even be missed.  Use something like SpiderOak or Dropbox.   Edit the files there so that all changes are tracked.  Which brings up tracked changed. Use MS Word and turn on tracked changes.  If you have never used tracked changes before, research it and you will see that it is the only way to go to keep track of changes. 

Timeliness: Get your chapters done early.  A month may seem like a long time, but I promise you that you will have one or more days that get too close to the deadline.  Procrastination is not an author’s friend.  If you are a procrastinator, don’t self-publish because it won’t happen.

Contributors, helpers, co-authors: There are a lot of people you can call upon to help with your book, and you need some of these regardless.  A co-author is optional, but like I mentioned, can be beneficial.  If you are thinking of a co-author, go straight to the A-team.  Don’t be shy.  Be prepared for a rejection, but such is life.

A tech-editor is a necessity in this field to make sure that what you think is correct is.  You don’t want to profess a forensic method to work when you are wrong.  Have your work peer-reviewed by a tech-editor.  The good thing is that you can usually pick your tech-editor.  As with going for the A-team with a co-author, the same theory applies to your tech editor.  Look at books you read, courses you attended, experts you see listed online, and pick who you want to review your work.  Ask and cross your fingers.  Then keep asking until someone says yes.  And if no one says yes, ask your publisher to find one, which they usually can if needed.

Contributors work the same way.  If there is just a single topic in a single chapter that you need help with and want a contributor, just find one and ask.  That’s all there is to it.  Add their name to the book as a contributor, the publisher takes care of the contract and payment. 

Errors: You will do your best to not make grammatical errors.  Your tech-editor will try to catch grammar errors (even though they focus on the accuracy of information more than grammar), your co-author will try to catch your errors, and the final editor (from the publishers, who I assume have PhDs in English…) will try to find any remaining errors.  BUT, there will still be a grammar, spelling, or sentence error of some sort that happens.  I have a book on my shelf that has the author’s name MISPELLED on the back cover.  These happen.  It is expected. Just do your best to minimize them.

Opinions: Before and during the process, ask opinions from those you respect, about what you are writing and intend to write.  If you hear a lot of, ‘that’s not something I would want to read or buy”, take it to heart.  You are writing for people to read it, otherwise, stick to a diary.   This doesn’t mean to forego your ideas and creativity, but be sure to write something that people want to learn about too.

Complimentary books: You will most likely get a set number of books from your publisher as complimentary copies to do with as you wish.   I suggest that instead of sending a book to mom, a book to your brother, and some to your friends who nothing to do with forensics, send them to someone who will write a review.  Your mom is going to love your book, but most likely, she isn’t going to understand what you wrote unless she does forensics.  Sure, keep one for your shelf, but give away the others to those who would have bought it.

Here comes the strange part about the comp books.  I’ve given all of my comp books away and politely asked for public reviews (on Amazon or their blogs).  Of the 99% I sent (I kept one of each book…), less than half wrote a review anywhere. I could have given the other half to family and friends and gotten a better response. Oh well.  Apparently, this seems to be the case across the board as I’ve asked and heard the same thing from other writers.  As a kind suggestion, if you ever get a comp copy of a book, write a review on Amazon.  It will be appreciated greatly.

One more thing on the comp copies.  After the comp copies are gone (maybe there were 10 or 20), they are gone.  The author does not have a never-ending supply of ‘free’ books.  If you get a book from an author that is not a com copy, that means the author bought it, usually at full price.  With bulk orders, there is a discount, but the discount is usually not better than what can be found on Amazon.  A friend of mine (in forensics) was over to visit one day and saw one of my books on my shelf.  I asked if he wanted to look at it and he thought I said, “do you want to have a free copy of my only copy left of the book I wrote?”.  And he took it…..so when a book cost $59.95, that is the price the author pays too….for the book that s/he wrote…therefore…reviews are a nice way to say thanks for book.

Practice first: I wrote a few PDFs that were put online.   Some call these “white papers”, but in reality, when we write these, they are essays that may or may not be peer reviewed.    However, they hold weight in (1) experience in writing that publishers will look at, (2) as in informal surveys in how readers respond to your writing and ideas, and (3) testing the waters of putting yourself out there.

The scariest thing is putting yourself out in the public eye.  Most of us in this field are hyper-paranoid of everything.  Few of us jump into the water without putting our toes in first.  Those who do are not any braver than you.  They just say to themselves, “screw it, I’m doing it”.   Our paranoia comes from the risks of being doxed online because we put our names online (take a look at Brian Kreb’s experiences and you’ll see what I mean).  Others are afraid of having their written words used against them in court on a case by an opposing expert or opposing counsel.   And some are just too shy or embarrassed.

My opinion on public exposure is that when you publish something, you are reputable.  For example, if you publish a book through a noted publisher, such as Syngress or Cengage, your book has been peer reviewed to the max.  It has been professionally published, reviewed, printed, marketed, and will be used as citations around the world. If you don’t want your words used in a students graduate thesis, or as fodder in a court case as a citation, or cited in other books, then don’t write.   But if you want your name to be in the same sentence as ‘expert’ or ‘reputable’ or ‘published’, then write.   Sign your name and jump into the water.  It will be either warm or cold, but jump in.

If you are curious if any of your past works (white papers/PDFs) online have been cited by others, check out https://scholar.google.com/.   You may find that your works are already being touted by others as cited works.

For the readers out there, this is for you.

Dude, when you review books, be kind.  If you didn’t really the book, there isn’t a need to slam the author.  Simply say that you didn’t enjoy the book because of a, b, and c.  I’ve seen reviews of some books (thankfully not my own!) that were down right cruel.  Let’s be nice people.  No one writing a digital forensics book will be retiring off that book and really took a risk of jumping into the public eye.

These are just my opinions.  I would suggest checking out some older posts from Harlan Carvey’s blog (https://windowsir.blogspot.com/2014/05/book-writing-to-self-publish-or-not.html) on publishing.  He has written some good advice on publishing, and like I mentioned, everyone is going to have different experiences.

Lastly, if you have read this entire blog post, that talks about writing a book on some topic in digital forensics, that means you have thought about doing it.   And reading this post to the end means you even have a topic or two that you believe would make a good book.  That means I am speaking directly to you at this point and suggesting that you DO IT!

 

 

1157 Hits

The Value of a Good Book in the Forensics World of Things

My personal library of digital forensics books has grown from two books to two shelves of books.  All nonfiction.  All technical.  All specific to specific sub-topics in digital forensics.  My fiction bookshelf is full too, but my nonfiction bookshelf is most important since I have dog-eared and marked up each one as references.

I have bought and read so many digital forensics books that when I see a good forensic book on Amazon, I have to double-check my collection to make sure I don’t order the same book twice.  I’ve even published three digital forensics books and they also sit on my shelf because I even refer back to them as needed…and I wrote them!

When I first started in digital forensics, it was called “computer forensics”.  This was in the days of yanking out the plug from the back of the machine, seizing every mouse and keyboard, and imaging every piece of media for full exams that took weeks for each one. Training was hard to come by unless you could afford to travel for weeks on end across country. 

Luckily, I was lucky. My employer (a police department) sent me everywhere.  West coast, east coast, and the mid west.  I had in my collection about three forensics books because there weren’t any others I could find.  These few books were so generic that as a reference in doing the actual job, they were mostly books giving a 10-mile high overview of what to do.

My very first forensic case was a child pornography and child rape case that involved “one” computer in a single-family residence.  I was told it was “one” computer, but when the search warrant was served, I found a home network consisting of a server with 25 computers connected to it…plus more than 50 hard drives laying around EVERYWHERE in the house and probably no less than 500 CDs.  Wires were everywhere, tacked to the ceiling, in the attic, and under the carpet.  Some computers were running, others off.  The case detective simply said, “Get to work.”  And I had three books as a reference and training to rely on.  I was also the only forensics examiner in the department…that was a long day and the three books were of no help.

After surviving that case, I have seen more books on sub-topics of sub-topics in the field of forensics get published month-after-month.   With each book, I keep saying, “I sure wish I had this book a few years ago.”  Three of the books I wrote were books that I was waiting for someone to write, but got impatient and did it myself (with help from two other co-authors).  The books published today in the field of digital forensic and incident response are simply invaluable.  Anyone starting out today in the field has a wealth of information to draw upon, which is a good thing.

On top of the nonfiction books I have already published (including ghost writing book projects), I have a few fiction books wrapped up and ready to go.  Soon….hopefully soon…they will be published and put on my fiction bookshelf, and when they do, it will be something I’ll be talking quite a bit about.  The value of a good fiction book is just as important as the nonfiction.  Fiction may not be able to help you with your job like a good nonfiction book can, but it certainly can give you some good reading with a good story.

765 Hits