Computer Forensics with FTK by Fernando Carbone, Packt Publishing Book Review
Computer Forensics with FTK by Fernando Carbone is my first read on the subject of computer forensics. Not being new to computer and database programming, I have frankly always been curious about what happens with the wealth of data that travels through my laptop or sits somewhere without my knowledge. This book reveals some of this mystery, or at least promises to shed some light on this aspect.
The book dedicates itself to FTK, one of a dozen or so forensic tools. FTK is proprietary software by AccessData and runs on Windows only. FTK has seemingly gained a lot of popularity in the public sector, though. Despite this fact, many components of FTK are free, so you should be able to play around with several major parts. FTK can also be freely downloaded.
The book is not terribly long, but if you are in a hurry it will cover nicely all the important aspects of conducting a forensic analysis. It is an easy read. The book has pictures so you would rarely need to put it down to play with the software.
After finishing this book, I realized that FTK is a quite comprehensive and fairly complex tool. However, it promises to cover a typical forensic analysis in a professional manner. The author describes the process from the very basics to conducting a full-fledged review that goes beyond the analysis of a personal computer hard disk to mobile phones or other devices, with a report produced.
My favourite chapters were on Registry analysis and password guessing. I never knew this was possible with FTK. Also, its ability to gather evidence remotely blew my mind!
I generally recommend this book, especially for novices in the field. FTK also looks like a mature tool with many capabilities.
I am giving this book a 4 out of 5 rating, mostly because the book is too short, reads more as a manual than a problem solver, does not cover evidence gathering from social media and public web activity, does not describe how to visualize the data, and does not cover the reporting itself in enough depth.