Tuesday, April 17, 2007

WFA Sample Chapter

I wanted to point out to the readers of this blog that Syngress/Elsevier has a sample chapter of my book available online for free download. The sample chapter is chapter 3, Windows Memory Analysis.

I point this out because I've received questions via a number of forums about the content...questions like, "how will this book help me?" and "will this book teach me anything new?"

...and I thought Troy Larson's quote would've been enough to sell the book to the blind!

If you download the chapter, or purchase the book, I'd greatly appreciate comments...regarding content, etc.



Anonymous said...

Hey thanks! I will read it. I plan on purchasing the book anyway. Don't spend the $.07 in royalties all in one place!

Anonymous said...


Recently purchased the E-Book version so i could have in my powerbook and do a lookup real fast. I've recently done an investigation, and the chapter on Registery analysis certainly helped A LOT!!! I knew you could get some info on registery but i didnt know you could get A LOT of info from it.

Love the book. I'm still waiting on the DVD to arrive so i could test out your scripts.

ForensicZone said...

Harlan- I bought the e-book and skipped to Chapter 6 (Executable File Analysis). I used Chapter 6 to walk through a Static and Dynamic Analysis and of a malware executable. I have been doing forensic investigation for years and have been looking to branch out a little in malware investigations. Your book gave me a great starting point for doing this type of investigation. The programs you recommended worked great and I can’t wait to try your scripts. I am also looking forward to the other chapters. Rick from ForensicZone.com

jaymcjay said...

Impressive! I'm a CS student in college now, and found your blog and your website in my research. The sample chapter was by far the best resource I've found in live Windows analysis. As soon as I have the money, I *know* I will buy this book, which will be the first non-required CS book I've ever bought :)

Thanks for contributing to this niche of forensics. -Jeff

Unknown said...


I have your first book, and am itching to purchase the new one. However, I am unable to locate a Table of Contents anywhere online that would let me know what the book covers. Any idea of where one could get more info before purchasing the book? Thanks!

H. Carvey said...

onehappycustomer, Rick, and Jeff,

Thank you for your comments, and for purchasing the book!


If you go here, you'll find a link under the ISB called "Table of Contents". ;-)

Hope that helps!

Anonymous said...

It looks like you've been busy. Amazon has your other book available for pre-orders.

H. Carvey said...

Actually, I haven't...the publisher jumped the gun a bit with that one. I'd like to do it, but right now there are no other co-authors...or, perhaps more correctly, none that have ponied up an outline.