Guide to digital forensics is designed as a 145-page introductory textbook or an overview for practitioners. The author is Swedish, but the concepts are universal.
The topic is logically developed in four sections: “Theory,” “Put It to Practice,” “Vocabulary,” and “Appendices” (problem solutions, useful scripts, a sample report template, time zones, and a Jitsi chat log). “Theory” is divided into chapters discussing “What Is Digital Forensics?”; “What Is Cybercrime?”; “Computer Theory”; “Collecting Evidence”; and “Analyzing Data and Writing Reports.” The section on practice includes chapters concerning “Collecting Data”; “Indexing, Searching, and Cracking”; “Finding Artifacts”; “Some Common Questions”; “FTK Specifics”; and “Basic Memory Analysis.”
The scripts show how to capture basic computer information on Mac, Linux, and Windows, and how to parse Jitsi chat logs. The scripts could be modified or expanded for more advanced work. Common questions are discussed: Was the computer remote controlled? Who was using the computer? Was this device ever at site X?
Each chapter begins with an abstract and a list of keywords and concludes with questions and tasks and a list of references. Where appropriate, figures, diagrams, and flowcharts are included. Chapters average about 12 pages in length, with each chapter broken into subsections for easy searching in the table of contents.
At this short length, the book provides a very good introduction to digital forensics without bogging the reader down in excessive detail and in-depth discussions. It is well written and worthy of your attention.