Harlan Carvey is a very knowledgeable fellow about computer forensics, especially Windows forensics. I've seen several of his presentations at the RCFG GMU conferences. His books -- Windows Forensic Analysis and Perl Scripting for IT Security Professionals -- are worth checking out if you are interested in computer forensics.

Also worth checking out is his Windows Incident Response blog. Even if you don't work with Windows, this blog has many good postings with insights applicable beyond Windows alone. Here are a couple of particularly useful ones for people seeking to get into computer forensics:

1. Getting started, or forensic analysis on the cheap gives an excellent list of free (cost-free) tools. At the end, Carvey adds this important point about computer forensics: "Also, all of the technical tools and techniques are for naught if you (a) cannot follow a process, and (b) cannot document what you do." I am by no means a computer/network forensics expert but I have seen enough things to say he is quite correct.

2. Getting started, pt II suggests using the free/cheap tools as a resource for the interview process when hiring people for computer forensics work. I particularly like this:
The whole point of the use of these tools and techniques as training and evaluation resources would be to get analysts thinking and processing information beyond the point of "Nintendo forensics", going beyond pushing a button to get information...because how do you know if the information you receive is valid or not? Does it make sense? Is there a way to dig deeper or perhaps validate that information, or is there a technique that will provide validation of your data?
Amen!

Jonathan "J.D." Abolins
