DFIR Training Blog



“If you don't have time to read, you don't have the time (or the tools) to write. Simple as that.” – Stephen King

The DFIR Book Share Challenge (I made that up by the way, but it works for me)

First, hats off to those authors contributing their books to the DFIR Book Share Challenge and participating in this endeavor.

And just as important, thanks to the winners of the books who are fulfilling the challenge of passing the books along after reading them. My high hope is to create positive communications in our community with the books, in that we have a chance to be in the path of where the books will travel; in that we can talk about the content of the books in a manner to share information; and in that we can talk to each other as we hand off the book from one person to another.  Sign up to win a book here:  https://www.social.dfir.training/groups/viewgroup/3-dfir-book-giveaways  

So far, I have shipped out three books in October ( Investigating Windows Systems , Placing the Suspect Behind the Keyboard , and the X-Ways Forensics Practitioner’s Guide ) and will be shipping out two books in November ( Hands-On Incident Response and Digital Forensics , and Windows Registry Forensics/2E ). Each month from now, I will attempt to give away at least two books a month, for as long as there are DFIR books to give away (this could go on for quite a while).

Book reviews

The book reviews may take time to complete….but I’ll have something done with the reviews on different platforms including Amazon reviews, a blog post, maybe a video review, and things like that to help market these books. When I say “market these books”, I mean that in a way of sharing that the books exist. I try to keep up on the new books coming out, but there is always a book I miss because I never saw anything about the book coming out. Part of this challenge is to throw a little marketing your way about a book that you may not have known about, but may really rock the way you do your work. As for me, if there is one book, or a page in a book, or a paragraph, or even one sentence that pushes me forward in how I do business , then it was well worth the time to read.

If you haven’t read the ‘why’ and ‘how’ of this challenge, please check out my blog post about it: FREE #DFIR Books!

On reading books (and writing reports)

I quoted Stephen King for this blog post. I find King’s quote very relevant to our jobs in both reading and writing. I'd like to add to King's quote with "and if you don't have time to read, you'll not be good at writing or reading" . Reading fiction might will help your report writing, but that is not what I am talking about. I mean that reading DFIR non-fiction will not only give you tools for you to mechanically do your job, but it will also give you tools to help you write about your mechanics. Part of our work is to solve problems. The other part is to write and talk about it. You must have both ends of the equation to be considered competent.

Being successful in DFIR requires developing a self-learning attitude. Self-learning most always involves reading books because a book on the topic you are learning will save you hours, if not days or weeks, compared to trying to figure out something that has been already discussed and detailed in a book. Learn what has already been written about in a book, and then run with that information to push it forward with your own experience and research. Don't reinvent the wheel unless the wheel is broken.

In short….read the books. As many as you can get your hands on.

Side note:

When you pass the books along, I encourage you to encourage the next person to keep the books moving forward. Share the sharing of the book on social media, send me something of where the book went (city and country) and I’ll add it to the map.


Written by :Brett Shavers

{rscomments option="com_rsblog" id="47"}