Benefits of command line forensic tools in investigation


Dec 31, 2006
3,405
0
#2
If you can build your own tools (an example would be the tools Harlan Carvey builds in Perl in his Windows Forensic book), building a GUI front end is often an extra and unneeded step especially if you are customizing the tool for a specific purpose. If you are performing live forensics, tools without a GUI front end have less impact on the system.
 

Sysops

New Member
Oct 9, 2007
90
0
#3
PreferredUser said:
If you can build your own tools (an example would be the tools Harlan Carvey builds in Perl in his Windows Forensic book), building a GUI front end is often an extra and unneeded step especially if you are customizing the tool for a specific purpose. If you are performing live forensics, tools without a GUI front end have less impact on the system.
I know Harlan, well, informally. How is his book? I was about to buy that; I probably will. Most of the computer forensic books I have, I bought on advisement from him.
 
Dec 31, 2006
3,405
0
#4
I would rate the new Carvey book as a Must Read. I have a lot of what others rated as must have reference books, but Harlan's new book now maintains a near permanent dog-eared/highlighted space on my desk. The real world examples and code are top notch.
 

Sysops

New Member
Oct 9, 2007
90
0
#5
PreferredUser said:
I would rate the new Carvey book as a Must Read. I have a lot of what others rated as must have reference books, but Harlan's new book now maintains a near permanent dog-eared/highlighted space on my desk. The real world examples and code are top notch.
Alright, thanks for the advice. It was a really weird coincidence; after I saw you guys talking about Carvey, I went to class and we were running Xways on the teacher's laptop just trying different deletion methods and came upon a folder named Carvery... I asked the professor what it was and he said it was from Harlan's book... I'm sure this doesn't sound as strange to you guys as it was to me when it took place.

~Sysops :twisted:
 
Sep 2, 2004
70
6
#6
Guys,

Thanks for the recommendations and shout-outs, re: my book.

Can I get either of you to provide info on the instructor? How about this...I would greatly appreciate a book review posted to SlashDot.

Here's the issue...no one makes money off of books, except the publisher. However, I enjoy research and writing...I would love to write a second edition of the book, going more into depth on Vista (and eventually 2008), and adding the info I've accumulated (through my own investigations) since the book was published. The best way to do that is to show the publisher that the book is popular...and nothing drives popularity like getting the book out there, particularly on Slashdot.

Thanks,

Harlan
 
Dec 31, 2006
3,405
0
#7
keydet89 said:
How about this...I would greatly appreciate a book review posted to SlashDot.
Seriously? I just bopped over to SlashDot and read the reviews that were there . . . Well I started to read them and lost interest after the third post degenerated into uselessness. I'll stick by my comment on Amazon. BTW as soon as I get a little further along in the Perl book I will post a review as well.
 
Sep 2, 2004
70
6
#8
PreferredUser...

Yes, that's how things go over on SlashDot. However, Bejtlich and others have documented an increase in interest in books when a review is posted on SlashDot...follow-on comments are irrelevant. A posted review on /. has been directly correlated with an increase in interest (tracked via Amazon) and a corresponding increase in sales. Sales numbers are what the publisher looks at when deciding to go ahead w/ a second edition.

Thanks.
 
