On the importance of foundational texts


Every field of study has a set of foundational texts. They may not reflect the state of the art in modern times, but students and practitioners in a given field generally need at least a passing familiarity with them to claim any significant expertise.

For example, imagine a political scientist who never reads Machiavelli’s The Prince or perhaps de Tocqueville’s Democracy in America. Medical students almost all study at least one edition of Gray’s Anatomy. Computer scientists regard The Art of Computer Programming as one of the cornerstones of the entire field.

What about digital forensics & incident response, or threat intelligence? I’d suggest two volumes that everyone working in this area should read, plus a third that comes up often enough to deserve a mention.

  • The Cuckoo’s Egg, by Cliff Stoll, tells the story of an international computer intrusion investigation that began in 1986. Its lessons on attribution, honeypots, and espionage remain relevant in the 21st century.
  • Psychology of Intelligence Analysis, by Richards J. Heuer Jr., explains the aspects of critical thinking and cognitive bias that are essential to this field.
  • Secrets & Lies, by Bruce Schneier, frequently comes up in these conversations. I must confess to having not read it thus far, although Beyond Fear from the same author presents endlessly useful ways to think about risk and security.

These three books alone will not provide all the expertise required. Specializations within the field will have their own additions, and there is overlap with other fields such as programming and computer architecture. But any serious student of DFIR or threat intelligence should read at least the first two and understand the lessons within.

If you have additional suggestions, I’d love to talk with you on Twitter about it. In the meantime, I should take my own advice and fill in some gaps in my own background.