Whereas many similar books focus on a broad coverage of the field, this book focuses on subtle particulars relevant to a specific operating system that is applicable to nearly every computer forensic analysis of a Windows operating system. Additionally, as Harlan has not reiterated what has been written before, the most gainful information starts in the first chapter and continues to the last chapter. This is a blessing considering each newly published book on the subject matter usually requires skipping the first several chapters to find new material.
The details of technical explanations are immediately useful for CyberCrime investigators while, at the same time, not so technical that an additional reference book is needed to translate what Harlan is describing. With many books of the same genre, technical descriptions of complex topics are written as such: technically difficult to comprehend. However, Harlan has written in such a manner that complexity doesn't have to be incomprehensible. This is a very difficult task for this subject matter.
The content will be as current for as long as there exists a need for forensic exams on Windows Operating Systems, which may be a very long time. Harlan has always been in the forefront of live analysis, that is, an analysis of a running computer for evidence of malicious intent, and his most recent book covers this aspect of forensic investigations completely.
The reader must be familiar with computer forensics basics, more so than just having read a book on the subject. Those that conduct computer forensic investigations beyond basic data recovery would greatly benefit from the majority of the chapters. In particular, the chapter on Registry Analysis gives information not found anywhere else, but which should have been provided somewhere given the volume of evidential information obtainable in that area of analysis.
In this area of highly technical skills, it is rare that reference books are written in a manner that is easy to read, yet complete in the explanations of difficult-to-describe topics. The examples in the book are simple to follow and are also realistic as applied to the practical world.
Perhaps the most significant bonus with this book is the accompanying DVD. Harlan not only details the software applications he has written (in Perl for the most part), but he includes them on a DVD with the book. Given the extreme cost of conducting forensic examinations with software purchases, this is a very gratuitous bonus for those that actively conduct electronic investigations, as the tools can be readily applied to many situations. For the majority of any software applications that he does not supply on the DVD, the applications he references are not the highly expensive, commercial tools, but rather freely available.
I would surmise that every forensic examiner will eventually have this book on their desk, as the work that Harlan has done in testing these forensic analysis environments can be applied quickly by other examiners in their investigations. At this point, Harlan's newest book is my most prized reference in my library.
The only suggestion for Harlan would be to get started on another book, on my favorite topic, Registry Analysis."