twjolson wrote:
If money is an issue, go with white papers.
I get most of mine from various blogs, forensic focus, SANS, as well as good searches for whatever topic I am studying.
You don't need to buy a book to get knowledge. Remember, the material you find in books today was probably in a white paper previously.
I (respectfully) disagree.
The "basics" you cannot get through a number of various, often controiversial or however unorganized/random sources.
Someone "new" to the field will *need* some base books (sure some info might be not-updated-to-the-last-find, but rarely it will become actually "completely" outdated) because in a book there is an Author which talks of topics in a given order and provides a structure to the info, these structures won't get outdated.
Speaking of MS filesystems and operating systems, from time to time I find something of use in books written for NT 3.5 or NT 4.0 that is still valid "as is" or a same given *something* has been replaced by *something else*.
Of course it makes little sense to study info about a device that you will never see, but the "general" or "fundamentals" won't change that much.
jaclaz
↧