Thursday, May 22, 2014

Book Writing: To Self-Publish, or Not

The CEIC Conference is going on as I write this, and Suzanne Widup's author panel went on yesterday.  I'm not at the conference, so like many others, I live vicariously through what gets Tweeted about the conference, as well as about specific portions of the conference, such as the panel.

I saw a question posted to Twitter, in which the tweeter asked, "for the panel, why not self-publish like RTFM?"

My initial thought was, you need to consider the members of the panel and the books they've written or co-authored; those titles really don't lend themselves too well to a format similar to RTFM, which, in some cases, is described as a collection of notes and tips bound into a book.  For example, I don't think I could see Hacking Exposed Computer Forensics in a format similar to RTFM.  As such, the question is essentially an apples-to-oranges comparison.  While self-publishing definitely has it's place, but may not always the best option for the material, nor for the author.  But that doesn't mean that there aren't publishing possibilities out there that would be very well suited to a format similar to RTFM.

I've addressed this topic before, but it is a good question, and certainly bears addressing.  Essentially, the choice of whether to go with a publisher or to self-publish comes down to how much time and effort you do want to invest in getting the book least, that's my perspective.  Other perspectives might be about what the author gets out of it, or how much someone has to pay for the book.  Writing a book is tough enough as it is...having someone there to do some of those things that need to be done (i.e., formatting, illustrations, copy editing, printing, etc.) in order for the book to be available to others means that the author can focus time and effort on writing the book, and not have to stop and figure out how get something done, or find a resource.

A friend of mine told me that her husband publishes CDs for his band on his own, rather than going through a production firm.  That means that he does everything himself; in some cases this makes perfect sense.  In others, such as writing a DFIR book, maybe not so much.  Most of us don't like to write as it is; if you self-publish, would you have someone review your materials for grammar, consistency, and technical accuracy?  If so, would it be someone you pay for that service?  Where's that money going to come from?  How will you handle illustrations or figures?

As such, consider this... if self-publishing were the sole route available, we'd likely have far fewer books available in the DFIR field.  Or, maybe another way to put it is that if self-publishing really were that easy, we'd have more books.  In the years that I've been involved in writing books, I've seen a fairly good number of folks start down the road and not make it very far, for a variety of reasons.  In some cases, it's due to the realization that there's much more to writing a book than simply having an idea.  When the publisher comes back and gives you a bunch of forms to fill out, and requests a market analysis and a detailed outline, with a swag on a word count, the reality of the situation becomes readily apparent.  I've seen people stop there.  I've also seen one instance where the author got past the point of signing a contract, and the publisher came back later and modified the contract, almost doubling the word count for the final manuscript, but made no other changes to contract, including the delivery date. The author simply walked away.

I've read a number of the reviews for RTFM, and to be honest, the book sounds like a fantastic idea; it was apparently originally intended to be an accumulation of someone's notes to be passed on to their team.  In the right hands, something like that can be extremely useful, and I can relate; when I was in grad school in '95-ish, I taught myself Java programming and relied heavily on O'Reilly's " a Nutshell" books for tips and guidance.  I found it very useful, because I wasn't looking for the basics of programming, and the basics of Java programming to be explained to me...I just wanted the bare bones stuff, with no fluff.  Material that might be better suited to an RTFM-like format might be something like what's found here.

Self-publishing simply isn't for everyone...the audience for a book like this is pretty limited.  I can see books like this for using other tools, but I think that one of the strengths of RTFM is that there's the base assumption that anyone purchasing the book is familiar with both operating at the command line, and with Linux.  While there are certain segments of the DFIR community that would strongly suggest that that's exactly how it should be, the fact is that this is far from reality.

Self-publishing a book: 25 things you need to know - I strongly suggest that you read them all - self-publishing company
How to self-publish - a guide, with pictures


Corey Harrell said...


Thanks for taking the time to answer this question. One item you hit on and one that could be overlooked is the editing. I think one thing that can make or break a book is editing. In the past I found it very difficult to read something filled with typos, grammer mistakes, run on sentences. It is very distracting and takes away from the content. Publishing a book without a good editing process (including technical) could result in a poor product. Very good point to bring up.

H. Carvey said...


Thanks for the comment.

Like you, I've found that things as simple as emails, and even case notes and reports, are often rife with grammar and spelling errors, artifacts named incorrectly, etc. The editing process is very important, to give someone else a chance to look something over and even check to see if that command line is correct.

B!n@ry said...

Thanks for another really useful post, I agree with all of it.

I think without that editing process, an author won't be able to write books in languages other than his/her mother tongue, which will truly limit the no. of audience that could benefit from; especially if he/she isn't an expert in that language. Also, rather than focusing on the book content "meat" itself, they have to consider the editing issues and that will really be both time consuming and might not get to be presented professionally! So I really think this is one of the most important points to consider before doing a self-publishing book.

H. Carvey said...

I agree, editing is important...not just the copy editing provided by the publisher, but also the technical editing.

Copy editing will provide a check of spelling and grammar, as well as provide consistency. For example, in WRF, the copy editor wanted to make "plugin" into "plug-in".

Technical editing is hit or I've recommended before, it's best if the author finds someone that they trust to do the job and stay on point. I've had technical editors get chapters back to the publisher well after the deadline, only to have one comment..."needs work". That's not entirely helpful. Neither is the tech editor adding a total of three comments to a chapter, two of which are, "oh, this is neat...I never knew that!"

Publishers really aren't all that good at finding quality tech editors, and those who want to be tech editors often sign up without having the time to devote to a project like a book. I've been lucky...while I've had some really bad tech editors (to the point where I've either asked the publisher to get another one, or just ignored them), I've also had some very, very good tech editors, as well.

Ancient said...

Hi Harlen,

I enjoyed reading your post. On another subject, I think having a computer forensic specific book that was written in the same format as RTFM would be valuable. I use RTFM at capture the flag competitions and see that computer forensics is constantly being added to these type of events. I also have RTFM handy at work and feel having a small book targeting computer forensics would be valuable. It would come in handy at work as well as any type of competition or customer facing engagement.

I wanted to see what you thought. Please let me know what you think… So we can get started.


H. Carvey said...


So we can get started.

What did you have in mind?

Ancient said...


One book would be dedicated to incident response and then the other one would be dedicated to examining operating systems. They would focus on open source tools for the most part. We would include commands for tools such as RegRipper and Volatility. We would also include quick guidelines on registry, ntfs, etc.

I’ll throw an example together and send it to you tonight. You covered most of the items in your books, it would just be a quick guide that would provide value as reference material.