Regular marked price: $52.99Discount Price: $33.38
Cost Savings: $19.61 (37%)Price fluctuation possible.
How soon does it ship: Normal ship time within one day
Shipping? Absolutely FREE if you qualify for Super Saver Shipping.
Type of bind: Paperback
Dewey Decimal Number: 005
EAN num: 9780072226966
ISBN number: 007222696X
Label: McGraw-Hill/Osborne
Manufacturer: McGraw-Hill/Osborne
Quantity: 1
Page Count: 507
Printing Date: July 17, 2003
Publishing house: McGraw-Hill/Osborne
Sale Popularity Level: 107863
Studio: McGraw-Hill/Osborne
Other books you might be interested in perusing:
Editor's Notes and Comments:
Product Description:
Written by FBI insiders, this updated best-seller offers a look at the legal, procedural, and technical steps of incident response and computer forensics. Including new chapters on forensic analysis and remediation, and real-world case studies, this revealing book shows how to counteract and conquer today’s hack attacks.
Amazon.com Review:
A strong system of defenses will save your systems from falling victim to published and otherwise uninventive attacks, but even the most heavily defended system can be cracked under the right conditions. Incident Response aims to teach you how to determine when an attack has occurred or is underway--they're often hard to spot--and show you what to do about it. Authors Kevin Mandia and Chris Prosise favor a tools- and procedures-centric approach to the subject, thereby distinguishing this book from others that catalog particular attacks and methods for dealing with each one. The approach is more generic, and therefore better suited to dealing with newly emerging attack techniques.
Anti-attack procedures are presented with the goal of identifying, apprehending, and successfully prosecuting attackers. The advice on carefully preserving volatile information, such as the list of processes active at the time of an attack, is easy to follow. The book is quick to endorse tools, the functionalities of which are described so as to inspire creative applications. Information on bad-guy behavior is top quality as well, giving readers knowledge of how to interpret logs and other observed phenomena. Mandia and Prosise don't--and can't--offer a foolproof guide to catching crackers in the act, but they do offer a great 'best practices' guide to active surveillance. --David Wall
Topics covered: Monitoring computer systems for evidence of malicious activity, and reacting to such activity when it's detected. With coverage of Windows and Unix systems as well as non-platform-specific resources like Web services and routers, the book covers the fundamentals of incident response, processes for gathering evidence of an attack, and tools for making forensic work easier.
User popularity level:
Rated by buyers 
-
You must buy if you are beginner, intermedium or advanced in forensic computers.
Rated by buyers 
-
I liked this book, but it is scattered in its topics. A lot of the information can be found online, and the tools aren't what we use on a daily basis. I'm not sure if any of them are commercial tools in this book.
I liked File System Forensics by Brian Carrier better. Even though it had a smaller area to cover it provided a better introduction to the area and I could see how it could be used in a class better. Still, this book does have a lot of good content and makes a nice addition.
Rated by buyers -
This is no doubt the best incidence reponse book out. I highly recommend this for anyone either in the field, learning to get into the field, or running a small to medium sized company without a team of experts. My entire network admin team uses this as a reference at the side of their desk.
Rated by buyers 
-
I read the book in about three days and found it to be a good primer for one leaning towards computer forensics. While some of the technology and tools described in the book will undoubtedly change within the subsequent few months, a lot of the basic principles will remain pertinent for a long time to come. I heartily recommend this book for anyone with more than just a casual interest in Computer Security.
Rated by buyers -
As an attorney and a formally-trained computer forensics examiner and instructor who has been tilling the fields of digital evidence for some time, I'm always on the prowl for the subsequent great computer forensics tool or text that's going to help me find the subsequent smoking gun...or at least be confident I haven't overlooked it. I've built a substantial library of books and articles on computer forensics, some very good and some a complete waste of money. But, this book is the best of the best.
From its step-by-step detail of the forensic process to its copious and helpful illustrations and screen shots to its unvarnished discusion of the tools in the marketplace, the second edition of Incident Response and Computer Forensics is, for my money, the most valuable resource any computer forensic examiner could have on their shelf. Many of the techniques and shortcuts detailed are "trade secrets" in that I've never seen them described in print. Unlike other forensic guides that assume the reader owns a costly forensic software suite, this book fairly splits its emphasis between Linux tools, shareware and the best software packages. That means the reader can begin the learning process at once, without investing anything more than their time and interest.
Another strength is that the book neither presupposes a too-high level of knowledge or experience nor dumbs down its content such that an expert wouldn't derive any value. There's something here for everyone who cares about computer forensics, from the neophyte to the grizzled veteran. When I paid $50.00 for this tome at a big box bookstore, I worried I was paying too much. Now, I'd think it cheap at twice the price.
As another reviewer pointed out, it doesn't devote a chapter to the law, but that is not to say that legal considerations are ignored. To the contrary, I think the authors do an excellent job of giving a useful "heads-up" where needed and not moving out of their depth.
I don't know these guys, but I'd sure like to shake their hands for a job well done! Thanks.
Craig Ball is an attorney and certified computer forensic examiner based in Montgomery, Texas, who teaches and consults with attorneys and the courts on matters of computer forensics and electronic discovery.
Find other books like this one:
