I would suggest:
1. Books on the Windows device registry. Ranging from XP to 10.
2. The same thing, only about *nix, if you plan to work with him.
3. Pay special attention to the creation of a timeline.
4. Learn Wireshark, too, is necessary.
5. Try the ever-popular system zipovoj forensics: Belkasoft, EnCase, etc.
6. Let's add log2timeline, Sysinternal Suite, FTK Imager, Event Log Explorer, program to recover deleted information, programs for password in the archive.
7. Feel free images LiveCD systems, of which there are plenty, even on habré article with description.
8. Remove the image from any computer and try to determine what did people who rabotal, with whom communicated, what sites visited, etc. From their it was no use - and so you all know.
Specifically, books in Russian for the CIS no. There is no good. I would advise you to read "Digital Archaeology The Art and Science of Digital Forensics by Michael W. Graves" or something like that it's called. Plus necessarily blogs on the forensic, a lot of them. It periodically skips a good video in English. Also look for articles of the Affairs of the CIS, is useful. Well, the Russian-speaking forum to learn, sometimes it skips interesting posts.