On the importance of foundational texts


Every field of study has a set of foundational texts. They may not reflect the state of the art in modern times, but students and practitioners in a given field generally need at least a passing familiarity with them to claim any significant expertise.

For example, imagine a political scientist who never reads Machiavelli's The Prince or perhaps de Tocqueville's Democracy in America. Medical students almost all study at least one edition of Gray's Anatomy. Computer scientists regard The Art of Computer Programming as one of the cornerstones of the entire field.

What about digital forensics & incident response, or threat intelligence? I'd suggest two volumes that everyone working in this area should read.

These three books alone will not provide all the expertise required. Certainly specializations within the field will have additions, and overlap exists with other fields such as programming and computer architecture. But any serious student of DFIR or threat intelligence should read these two and understand the lessons within.

If you have additional suggestions, I'd love to talk with you on Twitter about them. In the meantime, I should take my own advice and fill in some gaps in my own background.