My personal library of digital forensics books has grown from two books to two shelves of books.  All nonfiction.  All technical.  All specific to specific sub-topics in digital forensics.  My fiction bookshelf is full too, but my nonfiction bookshelf is most important since I have dog-eared and marked up each one as references.

I have bought and read so many digital forensics books that when I see a good forensic book on Amazon, I have to double-check my collection to make sure I don’t order the same book twice.  I’ve even published three digital forensics books and they also sit on my shelf because I even refer back to them as needed…and I wrote them!

When I first started in digital forensics, it was called “computer forensics”.  This was in the days of yanking out the plug from the back of the machine, seizing every mouse and keyboard, and imaging every piece of media for full exams that took weeks for each one. Training was hard to come by unless you could afford to travel for weeks on end across country. 

Luckily, I was lucky. My employer (a police department) sent me everywhere.  West coast, east coast, and the mid west.  I had in my collection about three forensics books because there weren’t any others I could find.  These few books were so generic that as a reference in doing the actual job, they were mostly books giving a 10-mile high overview of what to do.

My very first forensic case was a child pornography and child rape case that involved “one” computer in a single-family residence.  I was told it was “one” computer, but when the search warrant was served, I found a home network consisting of a server with 25 computers connected to it…plus more than 50 hard drives laying around EVERYWHERE in the house and probably no less than 500 CDs.  Wires were everywhere, tacked to the ceiling, in the attic, and under the carpet.  Some computers were running, others off.  The case detective simply said, “Get to work.”  And I had three books as a reference and training to rely on.  I was also the only forensics examiner in the department…that was a long day and the three books were of no help.

After surviving that case, I have seen more books on sub-topics of sub-topics in the field of forensics get published month-after-month.   With each book, I keep saying, “I sure wish I had this book a few years ago.”  Three of the books I wrote were books that I was waiting for someone to write, but got impatient and did it myself (with help from two other co-authors).  The books published today in the field of digital forensic and incident response are simply invaluable.  Anyone starting out today in the field has a wealth of information to draw upon, which is a good thing.

On top of the nonfiction books I have already published (including ghost writing book projects), I have a few fiction books wrapped up and ready to go.  Soon….hopefully soon…they will be published and put on my fiction bookshelf, and when they do, it will be something I’ll be talking quite a bit about.  The value of a good fiction book is just as important as the nonfiction.  Fiction may not be able to help you with your job like a good nonfiction book can, but it certainly can give you some good reading with a good story.

I had a discussion with a peer of mine about writing a book, in that my peer has been thinking of writing a book but never gets around to doing it.  After about two years of listening to how he should write his book, my response was “Dude, stop talking about it and write the darn book.”

His book idea is a nonfiction technical book and is about **secret topic** (of course I’m not leaking the topic or title!).  He is an expert, or at least knows a heckuv a lot more about the topic than I do.  I would buy the book tomorrow.  I even said that if he had written this book when he first told me about it, we’d be talking about the next edition and I would have already bought the first edition.  "Dude, you’re two years and two editions behind now!”

Which brings me to my point. Years ago, I said the same thing.  “Hey, I think I could write a book.” I said it a few people and one of the guys told me, “Dude, just write the darn book.” And so I did.  Three times already. Started a fourth. Plans for a fifth.  All from one person telling me to stop talking about it and write the book.  I took the suggestion to heart because he had already published several books himself. Thanks HC.

Fair warning: It’s not easy.

If you can get a contract, you’ll have deadlines to meet, standards to keep up, and demands placed on you by the publisher. Worse yet, if you don’t have a contract and want to self-publish, you have to place those same demands on yourself.

So now you know the secret. Just write the darn thing.

Many of Syngress published books I’ve read are those written by people simply writing about how they do their job…while they are doing their job.   They are probably not writing while they are physically doing their work, but you know what I mean.

With my first book, Placing the Suspect Behind the Keyboard, I was consulting on a criminal cyber harassment case, two arson cases, and several civil litigation projects. In three of the cases during writing the book, the main goal was identifying users behind the keyboard (in one case, behind a mobile device).  In addition to doing what I knew from my law enforcement detective days, I conferred with experts for tips and tricks on tracking Internet users.  I was writing the book while doing the work.

My current book, Hiding the Behind the Keyboard, was virtually the same, however, this time with a co-author (John Bair). While writing the book, there were multiple interruptions of having to do work in the real-world outside of typing and testing theories. While John was working homicides and examining mobile devices in those cases, I was consulting on employee matters where unidentified employees were creating havoc with their company by being anonymous online. It is one thing to create a perfect scenario to test a theory and quite another to have actual evidence on an active case.  Again, this was another book of authors writing what they do on a daily basis.

I write about this only because I remind myself regularly of college courses I have taken in digital forensics where the required books not only cost an arm and a leg, but were written by academia, not active practitioners.  I’ve even taken a computer forensics course from a community college where the professor had not done one forensic exam…not a single one.  The professor did not even know how to connect a hardware write-blocker to a hard drive. I kid you not.  

I’m not a Syngress employee, but I do like their books. The cost may seem high for some of the books, but it is still about half the price of a college text in the same subject matter.  But the biggest difference is how the books read. I so much prefer reading a book that simply says, “This is how you do it in the real world”. I do not prefer books that speak in terms of an idealized theory.  Reminds me of my Field Training Officers in patrol telling me to forget what I learned at the academy because they were going to teach me what works on the street, in real life.  The best thing I like about the Syngress books is that I can read what the experts are using day-to-day in their own words.

And year after year, I check to see the new titles that come out and hope that Syngress changes their book covers from the previous year.  This year, there are more than a few titles that I have already pre-ordered and will have on hand for the next conference to have signed by the authors.  The cover design change was probably a bit overdue, but glad it has changed.

The discounts are nice too when you have more than a few books you want to buy...