Incident Response and Computer Forensics, Second Edition
Editorial Review / Publisher's Information:
Product Description: Written by FBI insiders, this updated best-seller offers a look at the legal, procedural, and technical steps of incident response and computer forensics. Including new chapters on forensic analysis and remediation, and real-world case studies, this revealing book shows how to counteract and conquer today's hack attacks.
Amazon.com Review: A strong system of defenses will save your systems from falling victim to published and otherwise uninventive attacks, but even the most heavily defended system can be cracked under the right conditions. Incident Response aims to teach you how to determine when an attack has occurred or is underway--they're often hard to spot--and show you what to do about it. Authors Kevin Mandia and Chris Prosise favor a tools- and procedures-centric approach to the subject, thereby distinguishing this book from others that catalog particular attacks and methods for dealing with each one. The approach is more generic, and therefore better suited to dealing with newly emerging attack techniques. Anti-attack procedures are presented with the goal of identifying, apprehending, and successfully prosecuting attackers. The advice on carefully preserving volatile information, such as the list of processes active at the time of an attack, is easy to follow. The book is quick to endorse tools, the functionalities of which are described so as to inspire creative applications. Information on bad-guy behavior is top quality as well, giving readers knowledge of how to interpret logs and other observed phenomena. Mandia and Prosise don't--and can't--offer a foolproof guide to catching crackers in the act, but they do offer a great "best practices" guide to active surveillance.
--David Wall
Topics covered: Monitoring computer systems for evidence of malicious activity, and reacting to such activity when it's detected. With coverage of Windows and Unix systems as well as non-platform-specific resources like Web services and routers, the book covers the fundamentals of incident response, processes for gathering evidence of an attack, and tools for making forensic work easier.
Customer Reviews:
Ok Book But File System Forensic Is Better
24 May, 2006
I liked this book, but it is scattered in its topics. A lot of the information can be found online, and the tools aren't what we use on a daily basis. I'm not sure if any of them are commercial tools in this book.
I liked File System Forensics by Brian Carrier better. Even though it had a smaller area to cover it provided a better introduction to the area and I could see how it could be used in a class better. Still, this book does have a lot of good content and makes a nice addition.
- Amazon Customer Review
Still Relevant And An Excellent Book
22 June, 2009
Must have been 5 years ago or so when I first bought this book. I have been using it ever since. This is not a Forensics book, but it is a nice marketing ploy to add it into the title.
This book is organized very methodologically. The book is divided into 4 parts.
- Introduction
- Data Collection
- Data Analysis
- Appendixes
The name "introduction" may be misleading for Part I, since this part contains very important chapters; following the processes and recommendations of the author makes responding to an incident simpler and more productive. There is nothing worse than a group of techies declaring an incident and starting to shut down servers without a plan or a process. I have seen the web services of an organization go down for a week for lack of planning; if they had a process in place, all they had to do was shut down the ports the virus was using to propagate.
This may be an older book but it's still relevant, easy to understand and adopt. Of course NIST has the special publication SP800-61 to deal with IR and yet it is not as simple to read and understand.
Best Fishes and thank you for reading.
- Amazon Customer Review
Copyright 2003--this Book Is Ancient!
05 February, 2010
Amazingly enough this book still has some value--human processes don't change that much. Their incident response examples seem charmingly innocent--like being called to assist a company with a single exchange server or setting a threshold of 5 affected machines. But, unless you're just nostalgic you probably want to stay away.
How big a machine do you need to run your tools on? Their specification for a forensics workstation calls for a "High end processor" with "A minimum of 256MB of RAM". (Yes, that's *megabytes* and I'm sure it was a screamer in its day.) And they keep talking about these things called "floppies"... Furthermore, I'm pretty sure their 7 year old tools are going to be pretty hit or miss in terms of their value and I'm guessing that the 7 year old links to web resources are going to be a little spotty.
Memo to self--check copyright dates next time.
- Amazon Customer Review
Best Incidence Response Book Out
03 March, 2005
This is no doubt the best incidence response book out. I highly recommend this for anyone either in the field, learning to get into the field, or running a small to medium sized company without a team of experts. My entire network admin team uses this as a reference at the side of their desk.
- Amazon Customer Review
You Must Buy...
17 January, 2007
You must buy if you are a beginner, intermediate or advanced in forensic computers.
- Amazon Customer Review