Brett's opinion on writing a DFIR book

Brett's opinion on writing a DFIR book

Let me disclaim a bit.  I don’t know everything about writing or publishing.  All I know is what I have done.  With that, I have been asked about writing books (computer/digital forensics topics) over the past few years.  Let me give my experience to anyone considering writing a forensic book.

To start, I have written three books so far, meaning that I am writing more.  Two of the three published books have had co-authors.

I’ll go through some of the questions I have been asked already.  First off, I have been flattered and humbled each time someone asks for my opinion on writing books, and each time I have answered questions about the process, I have realized that I could have done things differently or better.  Not everyone asked the exact same questions, but they are very similar.

What made you decide to publish a book?

I considered any person who wrote a book to be an ultimate expert in their field and did not feel I was at any level of credibility to write.  But, I asked someone I respected in the field who had written several books already and he said, “DO IT!”.    I’ll leave out the name of who convinced me to go for it, but suffice to say that I took his advice seriously. 

Unfortunately, all I asked was, “Should I write a book?” and didn’t ask anything about the process.  That was Mistake #1.

How did you come up with a topic to write about?

This was easy.  I thought of a book topic that I wanted to read about; a book that I would buy right then if it were on Amazon.  Of course, if the topic was already written and in print, I would not have written a book on the same thing as I just would have bought it. 

I thought about the topic of my first book (Placing the Suspect Behind the Keyboard) when I was a narcotics detective, years before I got into digital forensics.  The reason came about due to drug cases where I had a ton of cases where providing drug possession was difficult due to each incident (multiple persons in a car and a bag of cocaine under one seat, third party owner of a car, etc…).  Getting into forensics later in my police career, I came across the same issues in proving who was behind the keyboard in child exploitation cases and so forth.  So, that topic was in the making for about a decade.

My second book (X-Ways Forensics Practitioner's Guide) was written out of personal necessity. I wanted a book on how to use the forensic tool I use everyday.  I have never appreciated the X-Ways Forensics manual.  I find it hard to read, difficult to find the information I need, and would prefer something tell me exactly how to use X-Ways Forensics.  I had written a few things about X-Ways and posted online but figured a book on X-Ways Forensics would be best.  The manual does what it is intended to do: give information 'about' X-Ways Forensics, but not tell 'how' to use X-Ways Forensics.

My latest book, Hiding Behind the Keyboard, was written mainly as a follow up to my first book in order to add some updated information including some related mobile forensics information.  Both Placing the Suspect Behind the Keyboard and Hiding Behind the Keyboard complement each other and I wrote both to be long lasting with concepts that can be used with evolving technology.

Which publisher should I go with?

For me, I choose Syngress.  I have a lot of Syngress books and always check for latest releases from Syngress. There are a few other publishers that print digital forensics topics, but I just like the Syngress titles and formats.  I did not consider other publishers but should have (Mistake #2) as it makes better sense to know what other publishers offer instead of just one.

I suggest go with whichever publisher publishes books that you like and would like to write in the same manner.  What I mean by this is, some publishers have strict guidelines on how you write and what your write.  If you go with a publisher that wants your book to be a college textbook, be prepared to forego a lot of your creativity.  You may have to write at a 10th grade reading level, segregate the book into sections that can fit into a college course year or semester, plus other requirements that will make your book into a textbook.

For me, Syngress is different.  I have found that the author has so much leeway in writing that the book can be written to fit practitioners’ needs.  I enjoy forensic books that get right to the point with the author giving ‘war stories’ of how the techniques worked in real life.  I also like that Syngress books seem to speak directly to you, examiner to examiner, and not as if you are a student following a syllabus.

So, the answer is go with what fits you, and if they won’t take you, go with someone else.

Did you think about self-publishing?

I get this one a lot.  I did think about it and still do.  In fact, I will be self-publishing a book just to see how well it works.  Since I haven’t done it yet, I can’t recommend it.  What I can say about self-publishing is that you own the work.  That is a major point.  With a publisher, you don’t own the work; the publisher owns it.  That means if you want to write a 2nd edition, you can’t unless the publisher approves it.  That might be a major issue if you are writing about your own software or something you ‘own’ or ‘discovered’ on your own.

Publishing through a reputable company gives you many benefits that can outweigh ‘owning your work’.  For example, Syngress has distribution channels set up already.  Their name is heavy.  They handle everything.  Cover design, editing, payments, sales, reprints, marketing, and author support is all covered with a publisher.  That does not mean there isn’t a cost.  The author gets a piece of the pie after everyone else is paid.  That is the price to pay and if you are working cases full time, then it most likely will be a price well paid.  If you want the least amount of hassles, find a publisher.  There are always speed bumps in a book publishing process, but when you are self-publishing, those speed bumps can turn into brick walls if you don't know what you are doing.

Should I write the book first and then find a publisher?

Oh my, don’t do that.  You can if you want.  Several people that asked me had already written most of their book or finished it.  In my opinion, I think it best to have the outline and propose the outline to a publisher.  Most publishers have a form that you can fill in the blanks and submit for a book.  If they like it, you are good to go.  If not, you can try again with a different outline to fit what they believe would be a good book.  Take a look at Syngress as an example of writing and submitting a book proposal.

One thing to think about if you are planning to write first is that you might be too late.  As one example, I had considered writing about a topic, thought about it for a few weeks, put together an outline, thought about it for a few more weeks, and by the time I decided to propose the topic, I found that someone had just said they were going to write the exact same book. I took too long (Mistake #3).  I tossed my outline and learned that it is better to propose a topic as soon as you think about because if you don’t, someone else will.  If you write a book before even letting the world know about it, you risk someone else getting a contract to write the same book when they didn’t do anything other than submit a proposal.   In theory, since your book is complete, you could publish well before the other book comes out, but that is not something I would want to do.

Why did you have a co-author on some books and not another?

Well…on the first book, I had asked a few people to co-author the book with me and was turned down.  Being my first book, those rejections hit kinda hard.  I didn’t ask anyone else for fear of more rejections, so I wrote the book myself and in the end, glad that I did.  I recommend that if you are going to write several books, write at least one by yourself.  It is well worth the experience.

On the X-Ways Forensics Practitioner’s Guide, I took the chance to ask someone to be a co-author because I did not feel that I could cover the software well enough.  I had been using X-Ways Forensics since its first version (over 10 years!) but still felt I may miss something.  On a whim, I asked Eric Zimmerman and he accepted to co-write the book.  Mind you, I never met Eric, and I asked him with an email that we communicating on a separate topic.  Basically, out of the blue, I asked and he accepted.  Much easier than my first book….and of anyone in forensics to help write a book on X-Ways Forensics, Eric is the man.  I lucked out on that one.  As a side note, X-Ways Forensics has gotten a LOT MORE traction as a forensic tool due to the book, which was what I wanted.  The more people that use X-Ways Forensics, the more R&D that goes into it, and the better tool I get in the end J

For the third book, when I talked about writing it, I had several people ask to be a co-author, including some of who turned me down on my first book.  But, I had my mind set on a mobile forensics expert, who happened to be local to me.  John Bair was my first pick and I had to drive down to his office and practically con/vince him to do it, for which I am grateful he accepted.  John is one of those cops who are busy because they work and barely have time for writing a book.  I sincerely appreciated him taking time to help with the book and hopefully set him on a path of writing books in the future.

So, write one by yourself and write others with a co-author.  It just depends if you have enough expertise in a topic to write an entire book yourself, or if you need help to meet deadlines. As far as how to ask someone…just ask.  Send an email.  Call.  Mail a letter. Anything.  Just ask.  Don’t be surprised at what you get when you ask.  Those who turned me down with my first book…I know them personally, some for almost 20 years, but they turned me down.  With Eric and John, I never met either but both agreed.  You just can’t tell who will say yes and who will say no.  I recommend ONLY asking someone you really want to be a co-author.  If you asked someone the B-team because you think someone the A-team will say no, you will get what you get for a co-author. I say, go straight to the A-team.  The worst that can happen is that they say no.

How long does the process take?

I gauge the time from the date of the signed contract to the date of printing.  Anything before that day doesn’t really count.  Thinking about writing and talking about it doesn’t do much until you sign your name to get it down.

Remember that I am only talking about Syngress and my experiences, but generally expect that your book won’t be on a shelf (or Amazon) for about a year.   Most likely, you will be sending in a chapter a month until done.  Then it takes a month or so to edit it (by the publisher to fix grammar and spelling), and then maybe two or three months to print it. 

If you write faster, the book gets printed faster. If you write on time, the book is going to take time to finish.  With a co-author, you can cut the time in half.  Seriously.  You can cut the time in half.  There were several times that I thought Eric Zimmerman didn’t need sleep.  Eric is a machine.  He writes at the speed of light and I think his first drafts were practically final drafts.  John was on spot too.  When you have authors like that, your book is going to be available fast/er.

But no matter what you do, when you publish through a company, there is extra time needed than if you did it yourself.  I am certain that if Eric and I self-published, the book would have hit the stores within 5 months.  If you realize that putting a PDF on the Internet does not compare to publishing a book, you will have patience for the process.

Would you do it again?

Yep.  Doing it again already.

Do you have any suggestions on getting started?

Yep.  Go to a publisher’s website, download the book proposal form, and fill it out right now.  Then share it with trusted peers to get their opinion.  Find a co-author if you need. Then submit your proposal.  Start now because I promise you, someone is thinking about that very same topic right now.

Who pays everyone?

If you self-publish, you do.  You pay everyone.  You pay the co-author, editor, cover designer, printer, etc…

If you go through a publisher, you will have no out-of-pocket expenses, other than what you spend for your book materials (may need to buy and test software, etc…).  Everything else is taken care of by the publisher.  Part of being paid a small piece of the pie is that the finances are not your responsibility. 

How much money can I expect to make?

This is a difficult question, because Harry Potter made JK Rawlings into a billionaire and there are more books that anyone can guess that didn’t make enough to buy a cup of coffee.  The answer, like anything in forensics, is that it depends.  If you write a popular book, it will sell.  For example, the X-Ways Forensics Practitioner’s Guide sold out before the first printing was even started. It went into a second print before the book was even available.  It just all depends.  I will say that if you intend to retire off a digital forensics book, you better write something like “Harry Potter and the Cyber Criminal.”

To get a little closer to an answer, I would say that if you really are thinking about making money with this kind of book, you can make some.  At least enough for a nice vacation every year or maybe buy a new car with one of the checks.  

Any tips on the process?

Plenty. 

Co-authors: You can cut down the process if you have a co-author in a few ways. First off, share the writing and write at the same time.  For example, if you are due one chapter a month, rather than each co-author write their chapter every other month, both can write a chapter every month.  That will cut the process time in half.

Have your co-author review your chapter, and review your co-author’s chapter before submitting them each month. That cuts the tech editor’s time down to almost nothing.  It also cuts the final editing down as well.

Tracking changes: Use a file sharing program to keep track of the chapters.  DO NOT email drafts between authors and your publisher until they are FINAL.  When you email a draft to your co-author, and then you receive a draft from your co-author, then another, then one gets crossed in an email, you will all be confused to which draft is the current draft.  Some changes may even be missed.  Use something like SpiderOak or Dropbox.   Edit the files there so that all changes are tracked.  Which brings up tracked changed. Use MS Word and turn on tracked changes.  If you have never used tracked changes before, research it and you will see that it is the only way to go to keep track of changes. 

Timeliness: Get your chapters done early.  A month may seem like a long time, but I promise you that you will have one or more days that get too close to the deadline.  Procrastination is not an author’s friend.  If you are a procrastinator, don’t self-publish because it won’t happen.

Contributors, helpers, co-authors: There are a lot of people you can call upon to help with your book, and you need some of these regardless.  A co-author is optional, but like I mentioned, can be beneficial.  If you are thinking of a co-author, go straight to the A-team.  Don’t be shy.  Be prepared for a rejection, but such is life.

A tech-editor is a necessity in this field to make sure that what you think is correct is.  You don’t want to profess a forensic method to work when you are wrong.  Have your work peer-reviewed by a tech-editor.  The good thing is that you can usually pick your tech-editor.  As with going for the A-team with a co-author, the same theory applies to your tech editor.  Look at books you read, courses you attended, experts you see listed online, and pick who you want to review your work.  Ask and cross your fingers.  Then keep asking until someone says yes.  And if no one says yes, ask your publisher to find one, which they usually can if needed.

Contributors work the same way.  If there is just a single topic in a single chapter that you need help with and want a contributor, just find one and ask.  That’s all there is to it.  Add their name to the book as a contributor, the publisher takes care of the contract and payment. 

Errors: You will do your best to not make grammatical errors.  Your tech-editor will try to catch grammar errors (even though they focus on the accuracy of information more than grammar), your co-author will try to catch your errors, and the final editor (from the publishers, who I assume have PhDs in English…) will try to find any remaining errors.  BUT, there will still be a grammar, spelling, or sentence error of some sort that happens.  I have a book on my shelf that has the author’s name MISPELLED on the back cover.  These happen.  It is expected. Just do your best to minimize them.

Opinions: Before and during the process, ask opinions from those you respect, about what you are writing and intend to write.  If you hear a lot of, ‘that’s not something I would want to read or buy”, take it to heart.  You are writing for people to read it, otherwise, stick to a diary.   This doesn’t mean to forego your ideas and creativity, but be sure to write something that people want to learn about too.

Complimentary books: You will most likely get a set number of books from your publisher as complimentary copies to do with as you wish.   I suggest that instead of sending a book to mom, a book to your brother, and some to your friends who nothing to do with forensics, send them to someone who will write a review.  Your mom is going to love your book, but most likely, she isn’t going to understand what you wrote unless she does forensics.  Sure, keep one for your shelf, but give away the others to those who would have bought it.

Here comes the strange part about the comp books.  I’ve given all of my comp books away and politely asked for public reviews (on Amazon or their blogs).  Of the 99% I sent (I kept one of each book…), less than half wrote a review anywhere. I could have given the other half to family and friends and gotten a better response. Oh well.  Apparently, this seems to be the case across the board as I’ve asked and heard the same thing from other writers.  As a kind suggestion, if you ever get a comp copy of a book, write a review on Amazon.  It will be appreciated greatly.

One more thing on the comp copies.  After the comp copies are gone (maybe there were 10 or 20), they are gone.  The author does not have a never-ending supply of ‘free’ books.  If you get a book from an author that is not a com copy, that means the author bought it, usually at full price.  With bulk orders, there is a discount, but the discount is usually not better than what can be found on Amazon.  A friend of mine (in forensics) was over to visit one day and saw one of my books on my shelf.  I asked if he wanted to look at it and he thought I said, “do you want to have a free copy of my only copy left of the book I wrote?”.  And he took it…..so when a book cost $59.95, that is the price the author pays too….for the book that s/he wrote…therefore…reviews are a nice way to say thanks for book.

Practice first: I wrote a few PDFs that were put online.   Some call these “white papers”, but in reality, when we write these, they are essays that may or may not be peer reviewed.    However, they hold weight in (1) experience in writing that publishers will look at, (2) as in informal surveys in how readers respond to your writing and ideas, and (3) testing the waters of putting yourself out there.

The scariest thing is putting yourself out in the public eye.  Most of us in this field are hyper-paranoid of everything.  Few of us jump into the water without putting our toes in first.  Those who do are not any braver than you.  They just say to themselves, “screw it, I’m doing it”.   Our paranoia comes from the risks of being doxed online because we put our names online (take a look at Brian Kreb’s experiences and you’ll see what I mean).  Others are afraid of having their written words used against them in court on a case by an opposing expert or opposing counsel.   And some are just too shy or embarrassed.

My opinion on public exposure is that when you publish something, you are reputable.  For example, if you publish a book through a noted publisher, such as Syngress or Cengage, your book has been peer reviewed to the max.  It has been professionally published, reviewed, printed, marketed, and will be used as citations around the world. If you don’t want your words used in a students graduate thesis, or as fodder in a court case as a citation, or cited in other books, then don’t write.   But if you want your name to be in the same sentence as ‘expert’ or ‘reputable’ or ‘published’, then write.   Sign your name and jump into the water.  It will be either warm or cold, but jump in.

If you are curious if any of your past works (white papers/PDFs) online have been cited by others, check out https://scholar.google.com/.   You may find that your works are already being touted by others as cited works.

For the readers out there, this is for you.

Dude, when you review books, be kind.  If you didn’t really the book, there isn’t a need to slam the author.  Simply say that you didn’t enjoy the book because of a, b, and c.  I’ve seen reviews of some books (thankfully not my own!) that were down right cruel.  Let’s be nice people.  No one writing a digital forensics book will be retiring off that book and really took a risk of jumping into the public eye.

These are just my opinions.  I would suggest checking out some older posts from Harlan Carvey’s blog (https://windowsir.blogspot.com/2014/05/book-writing-to-self-publish-or-not.html) on publishing.  He has written some good advice on publishing, and like I mentioned, everyone is going to have different experiences.

Lastly, if you have read this entire blog post, that talks about writing a book on some topic in digital forensics, that means you have thought about doing it.   And reading this post to the end means you even have a topic or two that you believe would make a good book.  That means I am speaking directly to you at this point and suggesting that you DO IT!

 

 

Rate this blog entry:
0
1579 Hits

The Value of a Good Book in the Forensics World of Things

My personal library of digital forensics books has grown from two books to two shelves of books.  All nonfiction.  All technical.  All specific to specific sub-topics in digital forensics.  My fiction bookshelf is full too, but my nonfiction bookshelf is most important since I have dog-eared and marked up each one as references.

I have bought and read so many digital forensics books that when I see a good forensic book on Amazon, I have to double-check my collection to make sure I don’t order the same book twice.  I’ve even published three digital forensics books and they also sit on my shelf because I even refer back to them as needed…and I wrote them!

When I first started in digital forensics, it was called “computer forensics”.  This was in the days of yanking out the plug from the back of the machine, seizing every mouse and keyboard, and imaging every piece of media for full exams that took weeks for each one. Training was hard to come by unless you could afford to travel for weeks on end across country. 

Luckily, I was lucky. My employer (a police department) sent me everywhere.  West coast, east coast, and the mid west.  I had in my collection about three forensics books because there weren’t any others I could find.  These few books were so generic that as a reference in doing the actual job, they were mostly books giving a 10-mile high overview of what to do.

My very first forensic case was a child pornography and child rape case that involved “one” computer in a single-family residence.  I was told it was “one” computer, but when the search warrant was served, I found a home network consisting of a server with 25 computers connected to it…plus more than 50 hard drives laying around EVERYWHERE in the house and probably no less than 500 CDs.  Wires were everywhere, tacked to the ceiling, in the attic, and under the carpet.  Some computers were running, others off.  The case detective simply said, “Get to work.”  And I had three books as a reference and training to rely on.  I was also the only forensics examiner in the department…that was a long day and the three books were of no help.

After surviving that case, I have seen more books on sub-topics of sub-topics in the field of forensics get published month-after-month.   With each book, I keep saying, “I sure wish I had this book a few years ago.”  Three of the books I wrote were books that I was waiting for someone to write, but got impatient and did it myself (with help from two other co-authors).  The books published today in the field of digital forensic and incident response are simply invaluable.  Anyone starting out today in the field has a wealth of information to draw upon, which is a good thing.

On top of the nonfiction books I have already published (including ghost writing book projects), I have a few fiction books wrapped up and ready to go.  Soon….hopefully soon…they will be published and put on my fiction bookshelf, and when they do, it will be something I’ll be talking quite a bit about.  The value of a good fiction book is just as important as the nonfiction.  Fiction may not be able to help you with your job like a good nonfiction book can, but it certainly can give you some good reading with a good story.

Rate this blog entry:
0
914 Hits

Dude, just write the book.

Dude, just write the book.

I had a discussion with a peer of mine about writing a book, in that my peer has been thinking of writing a book but never gets around to doing it.  After about two years of listening to how he should write his book, my response was “Dude, stop talking about it and write the darn book.”

His book idea is a nonfiction technical book and is about **secret topic** (of course I’m not leaking the topic or title!).  He is an expert, or at least knows a heckuv a lot more about the topic than I do.  I would buy the book tomorrow.  I even said that if he had written this book when he first told me about it, we’d be talking about the next edition and I would have already bought the first edition.  "Dude, you’re two years and two editions behind now!”

Which brings me to my point. Years ago, I said the same thing.  “Hey, I think I could write a book.” I said it a few people and one of the guys told me, “Dude, just write the darn book.” And so I did.  Three times already. Started a fourth. Plans for a fifth.  All from one person telling me to stop talking about it and write the book.  I took the suggestion to heart because he had already published several books himself. Thanks HC.

Fair warning: It’s not easy.

If you can get a contract, you’ll have deadlines to meet, standards to keep up, and demands placed on you by the publisher. Worse yet, if you don’t have a contract and want to self-publish, you have to place those same demands on yourself.

So now you know the secret. Just write the darn thing.

      

Rate this blog entry:
0
1225 Hits

Books written by practitioners are many times better than those written by those who 'never done it'

Books written by practitioners are many times better than those written by those who 'never done it'

Many of Syngress published books I’ve read are those written by people simply writing about how they do their job…while they are doing their job.   They are probably not writing while they are physically doing their work, but you know what I mean.

With my first book, Placing the Suspect Behind the Keyboard, I was consulting on a criminal cyber harassment case, two arson cases, and several civil litigation projects. In three of the cases during writing the book, the main goal was identifying users behind the keyboard (in one case, behind a mobile device).  In addition to doing what I knew from my law enforcement detective days, I conferred with experts for tips and tricks on tracking Internet users.  I was writing the book while doing the work.

My current book, Hiding the Behind the Keyboard, was virtually the same, however, this time with a co-author (John Bair). While writing the book, there were multiple interruptions of having to do work in the real-world outside of typing and testing theories. While John was working homicides and examining mobile devices in those cases, I was consulting on employee matters where unidentified employees were creating havoc with their company by being anonymous online. It is one thing to create a perfect scenario to test a theory and quite another to have actual evidence on an active case.  Again, this was another book of authors writing what they do on a daily basis.

I write about this only because I remind myself regularly of college courses I have taken in digital forensics where the required books not only cost an arm and a leg, but were written by academia, not active practitioners.  I’ve even taken a computer forensics course from a community college where the professor had not done one forensic exam…not a single one.  The professor did not even know how to connect a hardware write-blocker to a hard drive. I kid you not.  

I’m not a Syngress employee, but I do like their books. The cost may seem high for some of the books, but it is still about half the price of a college text in the same subject matter.  But the biggest difference is how the books read. I so much prefer reading a book that simply says, “This is how you do it in the real world”. I do not prefer books that speak in terms of an idealized theory.  Reminds me of my Field Training Officers in patrol telling me to forget what I learned at the academy because they were going to teach me what works on the street, in real life.  The best thing I like about the Syngress books is that I can read what the experts are using day-to-day in their own words.

And year after year, I check to see the new titles that come out and hope that Syngress changes their book covers from the previous year.  This year, there are more than a few titles that I have already pre-ordered and will have on hand for the next conference to have signed by the authors.  The cover design change was probably a bit overdue, but glad it has changed.

The discounts are nice too when you have more than a few books you want to buy...

 

 

Rate this blog entry:
0
1115 Hits

Massive Government Surveillance - Not a new thing

I'm close to wrapping up my latest book, Hiding Behind the Keyboard. One of the more interesting things I found while researching the electronic surveillance chapter is a historical note of massive electronic surveillance...way back in the early  1890s

Considering that government surveillance is one of the hottest topics today, no doubt brought into the spotlight by Edward Snowden, I found this one historical bit of surveillance in New York to be a reminder that electronic surveillance has been around much longer than what the average person may know.

Before getting into the New York Police massive surveillance story, you should know that wiretapping has been around as long as communicating electronically has existed.  For example, as soon as the telegraph was used, the telegraph communications were intercepted. During the Civil War, a "wire tapper" was an actual job in the war to intercept telegraphs!  But that's not what I mean in regards to mass goverment surveillance. The New York Police Department's history with wiretaps is what I found to be really interesting, even more interesting than the NSA surveillance disclosures

In short, back in the late 1800s, New York made wiretapping a felony but the NYPD believed they were above this law. They tapped people at whim and without warrants, including tapping Catholic priests.

In fact, NYPD quickly discovered that they could tap into any phone line of the New York Telephone Company, at anytime  to listen to any person on the line. They even tapped into hotels to listen to hotel any guest.

Obviously, this free-wheeling phone tapping ended after the Supreme Court decided that the Fourth Ammendent protected "intangles" such as communications when it was previously believed that only "tangibles" were protected against unreasonable search and seizure. However, the NYPD experience shows that when  given unfettered access to monitoring and surveillance, government can go too far with good or bad intentions.

The solution to prevent going too far is simple. Get a warrant. Smart government employees know that a warrant protects the people and the employee's career. For anyone to say warrants are difficult, impossible, or too burdonsome simply has not written an affidavit for a warrant or just doesn't have the probable cause in the first place (or may be lazy....).  Warrants are easy to write if you have probable cause.  In fact, some warrants don't even need to be written for approval as a recorded phone call to a judge can get you a telephonic warrant approved in less than half an hour or faster.

For those against any government surveillance, such as wiretaps or pen registers, as long as there is a warrant, there really isn't any problem.  The Constitution and state or federal  laws that approve wiretaps require that the searches not be unreasonable or unnecessary (meaning, there must be cause).  Technically, it is almost as easy as flipping a switch, but practically, it takes takes an investigation to develop probable cause that a crime exists in the first place.  No crime = no probable cause = no warrant.

As a disclaimer to my personal experiences, I have initiated and supported dozens of wiretaps, pen registers, trap and traces, hidden cameras, GPS installations, body wires, and bugs during my time in criminal investigations. I've had probable cause every single time, so much so, that PC dripped out of my investigation binders. And with that, I'm not a fan of unfettered, massive government surveillance without cause...

Rate this blog entry:
0
1635 Hits

Last day of discounted X-Ways Forensics online course

I'm sure there are a few more people left to register for the X-Ways Forensics online course (XWF I) with the discount code of "xwf1". That's 25% off, plus includes free tuition to the X-Ways Forensics II online course. XWF I is introductory, XWF II is more indepth, quite a bit longer, and will be released in August. XWF III, a shorter course will be released sometime after August.

Everyone registering by midnight tonight (Pacific time) for XWF I, gets access to XWF II and XWF III when published without cost. Otherwise, it's a separate tuition payment for each course.  From July 18, the XWF I is back to $195, XWF II will be $299, and XWF III will be $75.   Each class is lifetime access, on demand training, including updates to the courses when XWF is substantially updated (should be a course update once a year).

Details on XWF II are here: http://xwaysforensics.wordpress.com/2014/07/05/x-ways-forensics-practitioners-guide-online-ii/

Register for X-Ways Forensics Practitioner's Guide online course here:  http://courses.dfironlinetraining.com/x-ways-forensics-practitioners-guide

xwfii
Rate this blog entry:
0
994 Hits

X-Ways Forensics Practitioner's Guide Online II

For all  XWF I registrations prior to July 17, 2014, you will receive a code for 100% off the XWF II course shown below at the email you registered.  The deadline to register in order to receive the 100% discount code for XWF II is July 17, 2014, after which, the course is available for purchase without a discount.

These are on-demand courses and you have lifetime access to both courses (XWF I and XWF II).  There will be an XWF III course released during the summer, all who register before July 17, 2014 will receive another 100% off discount code for XWF III.  So, for the purchase of XWF I by July 17, you will have lifetime access to XWF I, XWF II and XWF III.

XWF II will be released after the discount codes currently given have expired in a few weeks.  The general discount code for 25% off is:   xwf1

Members of HTCC, IACIS, and CTIN have received a 30% discount code in their e-mail.  If you are a member and did not receive the code, check your e-mail, it should be there.  If you belong to a high tech crime group not listed, This email address is being protected from spambots. You need JavaScript enabled to view it. and I can send a 30% code to your association.  Otherwise, feel free to use the 25% discount code.

xwfii

Rate this blog entry:
0
1143 Hits

Digital Forensics Book of the Year!

The X-Ways Forensics Practitioner's Guide won the Best Digital Forensics Book of the Year award at the DFIR Summit 2014 in Austin, Texas.  I'd like to thank everyone who voted for the XWF Guide and hope the book has helped you in your work.


  Xways-Cover




[caption id="attachment_587" align="alignleft" width="620"]award https://forensic4cast.com/forensic-4cast-awards/2014-results/
Rate this blog entry:
0
772 Hits

Don't blame me...

[caption id="attachment_579" align="alignleft" width="700"]dontdoit "Of course you can trust PDF downloads." - UglyGorilla and KandyGoo


I have been given about a dozen or so URLs from friends with the X-Ways Practitioner's Guide as downloads.  Mostly, I am given the URLs so I can let  the publisher  know and they can take the pirated files down (good luck with that....).

If you ever considered downloading these sort of of things, just a thought, don't do it!  I'd hate for bad things to happen to your computer because of a file with my name on it that was manipulated by Unit 61398 or some other hacking organization.
Rate this blog entry:
0
688 Hits

Vote for the best book right away!

The deadline for the Forensic 4:cast Digital Forensics Book of the Year has been changed.

https://forensic4cast.com/forensic-4cast-awards/

 

[caption id="attachment_1218" align="aligncenter" width="708"] My personal favorite....Placing the Suspect Behind the Keyboard...it's the first and only writing on the subject manner incorporating investigative methods in and out of the (computer) box.


 
 

Xways-Cover http://amzn.to/1g5sfSX

 

]Placing the Suspect Behind the Keyboard http://amzn.to/1owuRmr


 

Rate this blog entry:
0
725 Hits