Top Forensic & Incident Response Books
The reality is that you are almost bound to become a victim of a hack attack, virus, worm or other malicious code at some point. When that happens, you need to know how to conduct a forensic investigation and find the clues you need to handle the incident. These books are excellent sources of information on this topic.
1. Incident Response: Computer Forensics Toolkit
Douglas Schweitzer does a superb job of providing the reader with the knowledge they need to respond to computer security incidents. Incident Response walks the reader through all of the phases of computer incident response: preparation, detection, gathering clues and evidence, cleaning the system, recovering lost data and applying any lessons learned to prevent future incidents.
2. A Guide to Forensic Testimony: The Art and Practice of Presenting Testimony As An Expert Technical Witness
3. Computer Forensics: Incident Response Essentials
This book is a couple of years old now, but the fundamentals remain essentially the same. While security experts may not learn anything new from this book, those entering the field will find it invaluable. It is comprehensive and detailed while remaining easy to read. Computer Forensics could easily be kept nearby as a handy reference for a computer forensic investigation.
4. Incident Response and Computer Forensics, 2nd Edition
Kevin Mandia and Chris Prosise have updated and added a ton to this 2nd edition of Incident Response & Computer Forensics. If you are responsible for incident response or forensic computer investigations, this book is a must-read.
5. The Effective Incident Response Team
Julie Lucas and Brian Moeller have written a great book for a manager looking for help in defining and creating a computer incident response team. This book will help answer the necessary questions to create the team and define the scope and focus of a CIRT. The book is in plain English and not too technical.