• Incident Response & Computer Forensics – 2nd Edition

    by  • July 30, 2009 • G-I

    Rating: 4.5 out of 5

    The Bottom Line

    Incident response and computer forensics is a passion of mine right now (if you can be “passionate” about such a thing). Maybe I have watched too many episodes of CSI, but I find the whole concept very intriguing. This book is arguably the best I have read on the subject. “Incident Response” is in larger print on the cover, but much of the book, and in my opinion its best and most important parts, come from the computer forensics side. I highly recommend this excellent book.
    Pros
    • One of the best books on computer forensics and evidence collection
    • Tons of new and updated information since the first edition
    • “Eye Witness Reports” help give real-world perspective
    Cons
    • None

    Description

    • If collected wrong, computer evidence is useless in court; this book will help you do it right
    • Comprehensive coverage of handling an incident from first response through investigation
    • Real world scenarios help the reader to understand how these concepts work in real life
    • Much of the book is new or significantly rewritten since the first edition

    Review:

    The whole idea of forensics, computer or otherwise, is in reality not as glamorous as shows like CSI would have you believe. It is fun to watch them piece together small, seemingly unrelated tidbits of evidence to form a complete case, but the fact that they do it in a one-hour show doesn’t do it justice. Collecting forensic evidence is often a slow and tedious process. If it is done wrong, the evidence will be corrupt and may be ruled inadmissible in court on a technicality.

    Being responsible for incident response means you usually get called for one of two jobs: either an attack is ongoing and you need to take the necessary steps to stop or block the incident from continuing while also preserving evidence, or you are asked to do a forensic investigation of a computer, such as a former employee’s machine. In either event you would do well to have this book nearby.

    Incident Response & Computer Forensics – 2nd Edition is one of the best books on the market for these subjects. Kevin Mandia and Chris Prosise bring extensive real-world experience to the table and share tons of valuable and useful information with their readers.

    The book covers everything from establishing policies and procedures to collecting data from live Windows or Unix machines. The chapters on Forensic Duplication and Evidence Handling are excellent.
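    The point of the forensic duplication and evidence handling chapters is that a copy is only evidence if you can prove it is bit-for-bit identical to the source and show who handled it. The following is an added example (not code from the book or this review) of the minimal version of that discipline: image a device in chunks, hash the source as it is read, re-hash the finished image independently, and write both digests into a chain-of-custody record that can later detect tampering. The “device” here is a constructed byte string; in practice the source would be a write-blocked block device opened read-only, and the `case_id` and `examiner` values are placeholders.

```python
"""Forensic duplication with integrity verification (added example).

The evidence device is simulated with an in-memory byte string; a real
acquisition would read a write-blocked device such as /dev/sdb opened
read-only. Case and examiner identifiers below are made-up placeholders.
"""
import hashlib
import io
import time

CHUNK = 4096  # read size; real tools use larger blocks, the logic is the same


def image_and_hash(source, dest, chunk=CHUNK):
    """Copy `source` to `dest` block by block, hashing each block as it is
    read so the acquisition hash reflects exactly the bytes that were copied.
    Returns the hex SHA-256 of everything read from the source."""
    h = hashlib.sha256()
    for block in iter(lambda: source.read(chunk), b""):
        h.update(block)
        dest.write(block)
    return h.hexdigest()


def hash_stream(stream, chunk=CHUNK):
    """Independent SHA-256 of a stream, used to verify the finished image."""
    h = hashlib.sha256()
    for block in iter(lambda: stream.read(chunk), b""):
        h.update(block)
    return h.hexdigest()


def acquire(evidence_bytes, case_id, examiner):
    """Image the (simulated) device and produce a chain-of-custody record.

    Returns (image_bytes, record). `record["verified"]` is True only when the
    hash taken during acquisition equals the hash of the written image."""
    source = io.BytesIO(evidence_bytes)   # stands in for the read-only device
    image = io.BytesIO()                  # stands in for the image file
    acquisition_hash = image_and_hash(source, image)
    image.seek(0)
    verification_hash = hash_stream(image)
    record = {
        "case_id": case_id,               # placeholder identifier
        "examiner": examiner,             # placeholder name
        "acquired_utc": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        "size_bytes": len(evidence_bytes),
        "sha256_source": acquisition_hash,
        "sha256_image": verification_hash,
        "verified": acquisition_hash == verification_hash,
    }
    return image.getvalue(), record


def verify_image(image_bytes, record):
    """Re-hash an image later (e.g. before analysis or in court) and compare
    it with the digest recorded at acquisition. Any changed byte fails."""
    return hash_stream(io.BytesIO(image_bytes)) == record["sha256_image"]


if __name__ == "__main__":
    # Constructed sample "device": a fake boot sector plus filler.
    device = b"FAKEBOOT" + bytes(range(256)) * 40 + b"\x55\xaa"
    img, rec = acquire(device, case_id="CASE-0001", examiner="J. Examiner")
    print("acquisition verified:", rec["verified"])
    print("sha256:", rec["sha256_image"])
    tampered = bytearray(img)
    tampered[100] ^= 0x01            # flip one bit
    print("tampered image passes verification:", verify_image(bytes(tampered), rec))
```

The two hashes are computed over different objects on purpose: the first over bytes as they leave the source, the second over the image that actually landed on disk. If they ever differ, the copy is not evidence, regardless of what the imaging tool reported.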

    It may not be glamorous, but for some it is still a thrill to be able to extract evidence and solve the puzzle. If you are one of those people- get this book.


    About

    Tony has driven security policies and technologies for antivirus and incident response for Fortune 500 companies, and he has been network administrator and technical support for smaller companies. He has written for a variety of other Web sites and publications, including BizTech Magazine, PC World, SearchSecurity.com, WindowsNetworking.com, Smart Computing magazine, and Information Security magazine. Tony is a CISSP (Certified Information Systems Security Professional) and ISSAP (Information Systems Security Architecture Professional). He is Microsoft Certified as an MCSE (Microsoft Certified Systems Engineer) and MCSA (Microsoft Certified Systems Administrator) in Windows 2000 and an MCP (Microsoft Certified Professional) in Windows NT. Tony has been recognized by Microsoft as an MVP (Most Valuable Professional) in Windows security since 2006. In addition to his Web site and magazine contributions, Tony was also tech editor of PCI Compliance (ISBN: 1597491659) and author of Essential Computer Security: Everyone’s Guide to E-mail, Internet, and Wireless Security (ISBN: 1597491144), coauthor of Hacker’s Challenge 3 (ISBN: 0072263040), and a contributing author to Winternals: Defragmentation, Recovery, and Administration Field Guide (ISBN: 1597490792), Combating Spyware in the Enterprise (ISBN: 1597490644), Syngress Force 2006 Emerging Threat Analysis: From Mischief to Malicious (ISBN: 1597490563), Botnets: The Killer Web Applications (ISBN: 1597491357), and AVIEN Malware Defense Guide for the Enterprise (ISBN: 1597491640).

    http://www.tonybradley.com