Mac OS X, iPod, and iPhone Forensic Analysis DVD Toolkit [Paperback]

I recently finished reading Mac OS X, iPod, and iPhone Forensic Analysis DVD Toolkit by (Ryan Kubasiak and Sean Morrissey) and was somewhat surprised to find there were no reviews on Amazon. I've submitted my Amazon review and I'm sharing it here with you on my blog.

The book introduces the reader to the Mac OS X operating system and common Apple hardware (i.e. iPods, iPhones, iMacs, etc.) out there today. The intended audience is digital forensic investigators, security professionals, and law enforcement. If you've read a Syngress digital forensics book such as Harlan Carvey's Windows Forensic Analysis, Second Edition, you are familiar with how these books encourage a hands-on learning approach through exercises and the use of specific forensic tools. This book follows the same path and, like Carvey's book, offers a DVD filled with exercises, images, and tools for the DIY forensicator.
The authors provide an excellent overview of the Macintosh operating system and include topics such as disk partitioning and Apple Disk images (DMG). For example, chapter 4 is dedicated to the HFS+ file system used by Macintosh computers and drills down to disk level file system forensics. While Brian Carrier's File System Forensic Analysis book touches on Apple partitions, the Mac OS X iPod, and iPhone Forensic Analysis DVD Toolkit book dives even more deeply into the file system structure and nomenclature.
This book demystifies topics such as FileVault (Apple's answer to file encryption) and Time Machine. It includes content on decrypting FileVault and restoring files from a Time Machine backup. The authors draw on their extensive experience and research to provide best practices, tips, and tricks for preserving and forensically acquiring data from Mac file systems. The authors extensively cover email, Safari based internet artifacts, chat logs, photos, videos, documents, .plists, and other valuable forensic evidence that can be recovered from a Macintosh.
The authors provide an extensive tool set with the accompanying DVD that includes both proprietary and open source tools that can be used to acquire and analyze devices such as Apple computers, iPhone and iPods. The Appendix is full of How-To's that deal with such issues as Bootcamp and virtualization, setting up a Macintosh computer for forensic use, and capturing volatile data on a Mac when conducting digital forensic triage on-scene of an incident.
If you are a digital forensic practitioner and want to learn Macintosh forensics, I highly recommend this book. Now is the time to become familiar with Macintosh and iOS forensics. If you have not had to image or analyze a Macintosh yet, you will. This book makes a great addition to your computer forensic library and is a resource for conducting Macintosh forensic examinations. If the authors pursue a 2nd edition of the book, I'd like to see more information on iOS devices (Note: Late breaking...it appears there is a book in the works iOS Forensic Analysis: for iPhone, iPad and iPod Touch), iDisk ("data from the cloud"), plists, low-level disk forensics, and maybe a chapter on tying it all together for the investigator/examiner when responding to an incident.
So if you are debating whether or not to add this book to your computer forensic reading library, Chapter 4: HFS Plus File System and Chapter 7: Acquiring Forensic Images are invaluable for an investigator/examiner; from Catalog Files in the HFS Plus File System, to imaging an iPod from your forensically configured Macintosh. This book will be an immediate reference tool for me when I'm performing Macintosh digital forensics.

The book was alright, but it focused more on the Mac OS X platform than anything. I bought it looking for advice on how to grab an image of an iPhone, but I did not like the method presented.