This is the resource page for the Infosec Pro Guide to Computer Forensics.


On this page, divided by chapter, you'll find links referenced in the book, videos and sample images for the analysis chapters, and any corrections or errata that were found after publishing.


There is an error in Chapter 4 page 64 as pointed out by Sam Bowne.

Late-night writing must have got me: when describing slack space, I incorrectly created a scenario that would have included only RAM Slack and not Slack of the file itself. RAM Slack is what fills out the rest of the last sector being written to: Windows would write out contents of memory to the disk to fill that area. Since Windows XP, RAM Slack has stopped containing actual RAM and has instead been filled with NULLs. If more than one sector was allocated to an old file, and the new file that overwrote it left whole sectors unused, then just those additional sectors would contain File Slack, that is, the contents of the old file.


I hope that clarifies it, and thanks to Sam Bowne for pointing that out!
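
The distinction in this correction can be checked on raw bytes. The following is an added example, not code from the book: it splits a file's last allocation unit into live content, RAM Slack and File Slack. The 512-byte sector, the 4096-byte allocation unit, the function names and the sample bytes are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

SECTOR = 512     # bytes per sector (assumed)
CLUSTER = 4096   # bytes per allocation unit (assumed: 8 sectors)

@dataclass
class Slack:
    content: bytes     # live bytes of the new file in its last cluster
    ram_slack: bytes   # remainder of the last sector the new file wrote
    file_slack: bytes  # whole sectors the new file never touched

def split_last_cluster(cluster: bytes, file_size: int,
                       sector: int = SECTOR) -> Slack:
    """Split a file's final cluster at the end-of-file and sector boundaries."""
    size = len(cluster)
    if file_size <= 0 or size == 0 or size % sector:
        raise ValueError("need a non-empty file and a sector-aligned cluster")
    used = file_size % size or size          # file bytes in the last cluster
    written = -(-used // sector) * sector    # round up to the sector boundary
    return Slack(cluster[:used], cluster[used:written], cluster[written:])

def ram_slack_is_null(s: Slack) -> bool:
    """True when the padding is all NULLs, as on Windows XP and later."""
    return not any(s.ram_slack)

def build_sample(new_size: int) -> bytes:
    """Constructed cluster: an old file filled it, then a new file overwrote it."""
    old = b"OLDDATA!" * (CLUSTER // 8)
    written = -(-new_size // SECTOR) * SECTOR
    return b"N" * new_size + bytes(written - new_size) + old[written:]

if __name__ == "__main__":
    for size in (700, 3900):   # second case: only RAM slack, no file slack
        s = split_last_cluster(build_sample(size), size)
        print(size, len(s.ram_slack), ram_slack_is_null(s), len(s.file_slack),
              s.file_slack[:8])
```

The 3900-byte case is the situation the correction describes: the new file reaches into the final sector, so only RAM Slack exists and nothing of the old file remains.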


If you are confused about why, in the Raptor section, you can't write your image to any partition: I somehow left the mounting step out. Before imaging, pick the 'mount' tab, choose the partition you are going to write your evidence to, and make sure to pick 'allow changes'. Once complete, the mounted partition will appear as a destination on the 'Image' tab.

Sample Forensic Image:!PsIRHByL!lXtFTtORkX3BDlUjkAHrhXHy20RGeRVOH1xUap85VZM

