I love Forensics Mastering Windows Network
I have been a federal agent and computer forensic examiner for over 10 years and this is the first book I have found that covers the areas of network forensics and live analysis techniques. Most books will cover how to conduct a standard forensic exam of a stand alone computer, but this book goes into detail on how to conduct forensic exams on networks and find the evidence left behind. I really learned a lot through the excellent screen captures and “how tos” that walk you through the process. The authors cover the forensic exam as well as the invetigation which is very helpful.
I highly recommend this book to anyone who works in the arena of computer crime, ecspecially intrusion investigations and computer forensics.