Title: Cloud Forensics Demystified: Decoding Cloud Investigation Complexities for Digital Forensic Professionals

Authors: Ganesh Ramakrishnan & Mansoor Haqanee

Publisher: Packt

Where to Buy (links):

Packt

Amazon*

Topics:

• Cloud Fundamentals
• Forensic Readiness: Tools, Techniques, and Preparation for Cloud Forensics
• DFIR Investigations – Logs in AWS, Azure, and GCP
• Cloud Productivity Suites (Microsoft 365 and Google Workspace)
• Common Attack Vectors and TTPs
• Cloud Forensic Analysis – Responding to an Incident in the Cloud
• The Digital Forensics and Incident Response Process
• Tools and Techniques for Digital Forensic Investigations
• Live Forensic Analysis and Threat Hunting
• Network Forensics
• Malware Investigations
• Traditional Forensics vs Cloud Forensics
• MITRE ATT&CK Framework
• Cloud Evidence Acquisition (AWS, Azure, GCP)
• Analyzing Compromised Containers
• Analyzing Compromised Cloud Productivity Suites (Microsoft 365 and Google Workspace)

*DFIR Diva is an affiliate of Amazon and receives a small percentage of sales made through affiliate links that go toward keeping the site running.

Book Title: Digital Forensics and Incident Response

Author: Gerard Johansen

Where to Buy:

Packt (Print & eBook)

Amazon*

Topics:

• Understanding Incident Response
• Managing Cyber Incidents
• Fundamentals of Digital Forensics
• Investigative Methodology
• Evidence Acquisition
• Collecting Network Evidence
• Acquiring Host-Based Evidence
• Remove Evidence Collection
• Forensic Imaging
• Evidence Analysis
• Analyzing Network Evidence
• Analyzing System Memory
• Analyzing System Storage
• Analyzing Log Files
• Writing the Incident Report
• Ransomware Incident Response
• Ransomware Preparation and Response
• Ransomware Investigations
• Threat Intelligence and Hunting
• Malware Analysis for Incident Response
• Leveraging Threat Intelligence
• Threat Hunting

*As an Amazon Associate I earn from qualifying purchases. This helps with the cost of running this website.

Book Title: Placing the Suspect Behind the Keyboard: DFIR Investigative Mindset

Author: Brett Shavers

Book Website: Placing the Suspect Behind the Keyboard

Where to Buy:

Amazon*

Chapters Include:

• Technical Skills
  • Tech Prowess
• Knowledge
  • Rules of Civil/Criminal Procedure
  • Rules of Evidence
  • Evidence is not only just evidence
  • Does evidence prove or disprove theories?
• Self-Assessment
  • Who are you?
  • Curiosity
  • Your Identity
  • Other DFIR investigative traits
  • Your brain
  • Assessing your team
  • Self-assessment rating
• Senses
  • Perceptions & perspectives
  • Seeing & observing
  • Hearing & listening
• Hacking Your Mind
  • Critical thinking
  • Creative thinking
  • Visual thinking
  • Additional thinking models
  • Critical reading
  • Logic and reasoning
  • Cognition and ignorance
  • Theories and hypothesis
  • Think
  • Bias
  • Fallacies and reasoning errors
• Tactics
  • Old school & high tech
  • Checklists & procedures
  • The Investigative Cycle(s)
  • Live Cycles, Kill Chains, & Crime Scripting
  • Profiling
  • Identity
  • Link analysis
  • Notetaking
  • Problem-solving
  • Visualization to see the case
• Strategies
  • Micro and Macro
  • Decision-making
  • Focus and distractions
  • Correlation and causation
  • Targeting and pivoting
  • Errors and mistakes
  • Dumb ideas and terrible solutions
  • Words (and choice of words) matter
• Transformation
  • Scenario-based training
  • Visualization drills
  • Writing and speaking
  • Memory & documentation
  • Case studies
  • Unconscious competence?
  • Shadowing
  • Daily life of a critical thinker
  • Peer review
• Wisdom
  • Know yourself & seek self-improvement
  • Technical competence is your responsiblity
  • Hack your brain
  • Hack the adversary
  • Personal and professional accountability
  • Ethics and corruption
  • Credibility and reliability
  • Faults and competence
  • Pitfalls and self-made traps
• Education & Training
  • You need both training and education in DFIR
• AI as the Investigator
• Time to Liftoff
  • Obstacles to developing a DFIR Investigative Mindset
• Conclusion
  • My last bit of guidance for you

*As an Amazon Associate I earn from qualifying purchases. This helps with the cost of running this website.

Book Title: Effective Threat Investigation for SOC Analysts

Author: Mostafa Yahia

Where to Buy:

Packt (Print & eBook)

Amazon*

Topics:

• Email Investigation Techniques
• Introduction to Windows Event Logs
• Tracking Accounts Login and Management
• Investigating Suspicious Process Execution Using Windows Event Logs
• Investigating PowerShell Event Logs
• Investigating Persistence and Lateral Movement Using Windows Event Logs
• Network Firewall Logs Analysis
• Web Proxy Logs Analysis
• Investigating Suspicious Outbound Communications (C&C Communications) by Using Proxy Logs
• Investigating External Threats
• Investigating Network Flows and Security Solutions Alerts
• Introduction to Threat Intelligence
• Investigating Threats Using VirusTotal
• Investigating Threats Using IBM X-Force Exchange
• Malware Sandboxing – Building a Malware Sandbox
• Hands-On Demo Lab

*As an Amazon Associate I earn from qualifying purchases. This helps with the cost of running this website.

Book Title: Practical Linux Forensics: A Guide for Digital Investigators

Author: Bruce Nikkel

Publisher: No Starch Press

Where to Buy (links):

No Starch Press (Print & eBook)

Amazon* 

Topics: Digital Forensics Overview, Linux Overview, Evidence from Storage Devices and Filesystems, Directory Layout and Forensic Analysis of Linux Files, Investigating Evidence from Linux Logs, Reconstructing System Boot and Initialization, Examination of Installed Software Packages, Identifying Network Configuration Artifacts, Forensic Analysis of Time and Location, Reconstructing User Desktops and Login Activity, Forensic Traces of Attached Peripheral Devices

*As an Amazon associate, I earn from qualifying purchases. This helps with the cost of running this website.

Name and Direct Link (LeanPub): EZ Tools Manuals

Cost: Pay what you want, including Free

Topics: Eric Zimmerman’s Tools, AmcacheParser, AppCompatCacheParser, bstrings, EvtxECmd, IISGeoLocate, JLECmd, LECmd, MFTECmd, PECmd, RBCmd, RecentFileCacheParser, RECmd, RLA, SBECmd, SQLECmd, SrumCmd, SumECmd, VSCMount, WxTCmd, EZ Tools GUI, EZViewer, JumpList Explorer, Registry Explorer, Shellbags Explorer, Timeline Explorer

Name & Direct Link (LeanPub): The Hitchhiker’s Guide to DFIR: Experiences From Beginners and Experts

Topics: Digital Forensics Discord Server, Malware Analysis, Password Cracking for Beginners, Android Application Analysis, De-Obfuscating PowerShell Payloads, CTFs, Law Enforcement Digital Forensics Laboratory, Artifacts as Evidence, Forensic Imaging in a Nutshell, Linux and Digital Forensics

Learn More About and Join the Discord Server Here: A Beginner’s Guide to the Digital Forensics Discord Server

Book Title: PowerShell and Python Together Targeting Digital Investigations

Author: Chet Hosmer

Publisher: Apress

Where to Buy (link):

Apress/Springer Books (Print & eBook)

Amazon*

Topics: PowerShell for Investigators, Navigating PowerShell ISE, PowerShell CmdLets, PowerShell Pipelining, PowerShell Scripting Targeting Investigation, EventProcessor PowerShell Script, Remote Access, USB Device Usage Discovery, Python and Live Acquisition, Directing PowerShell with Python, Gathering and Analyzing Remote Evidence, Extracting Names from Text Documents, Extracting EXIF Data from Photographs

*As an Amazon Associate I earn from qualifying purchases. This helps with the cost of running this website.

Book Title: Malware Analysis and Detection Engineering

Authors: Abhijit Mohanta and Anoop Saldanha

Publisher: Apress

Where to Buy (links):

Apress/Springer Books (Print & eBook)

Amazon*

Topics: Malware Analysis Lab Setup, Files and File Formats, Virtual Memory and the Portable Exececutable (PE) File, Windows Internals, Malware Components, Persistence Mechanisms, Network Communication, Code Injection, Process Hollowing, API Hooking, Stealth and Rootkits, Static Analysis, Dynamic Analysis, Memory Forensics with Volatility, Payload Dissection and Classification, Debuggers and Assembly Language, Debugging Code Injection, Armoring and Evasion, Antivirus Engines, IDS/IPS and Snort/Suricata Rule Writing, Malware Sandbox Internals, Binary Instrumentation for Reversing Automation

*DFIR Diva is an affiliate of Amazon and receives a small percentage of sales made through affiliate links that go toward keeping the site running.

Book Title: Learning Malware Analysis

Author: Monnappa K A

Publisher: Packt

Where to Buy (link):

Packt (Print & eBook)

Amazon

Topics: Types of Malware Analysis, Setting Up the Lab Environment, Malware Sources, Statis Analysis, Determining File Type, Fingerprinting Malware, Extracting Strings, Determining File Obfuscation, Inspecting PE Header Information, Comparing and Classifying the Malware, Dynamic Analysis, System and Network Monitoring, Dynamic-Link Library (DLL) Analysis, Computer Basics, CPU Registers, Data Transfer Instructions, Arithmetic Operations, Bitwise Operations, Assembly and Disassembly, x64 Architecture, IDA, x64dbg, Debugging a .NET Application, Malware Persistance Methods, User Mode, Kernel Mode, Code Injection Techniques, Hooking Techniques, Obfuscation Techniques, Encryption, Unpacking, Hunting Malware Using Memory Forensics, Volatility, Detecting API Hooks, Kernel Mode Rootkits