AnyBook4Less.com

Incident Response and Computer Forensics, Second Edition

Title: Incident Response and Computer Forensics, Second Edition
by Chris Prosise, Kevin Mandia, Matt Pepe
ISBN: 0-07-222696-X
Publisher: McGraw-Hill Osborne Media
Pub. Date: 17 July, 2003
Format: Paperback
Volumes: 1
List Price(USD): $49.99

Average Customer Rating: 4.65 (26 reviews)

Customer Reviews

Rating: 5
Summary: The best computer forensics book just got better
Comment: First, full disclosure: the publisher sent me a free review copy, I used to work for Mandia and now work with Prosise and Pepe, and I contributed material incorporated into chapters 8 and 14. I still think "Incident Response and Computer Forensics, 2nd Edition" (IRCF2E) is the best forensics book on the market. Notice I said "forensics." It's significant that the first edition's title was "Incident Response: Investigating Computer Crime." While IRCF2E contains plenty of IR material, I sense a shift away from computer security and towards the legal world in this second edition.

Readers of the first edition will want to know what's new. While reading IRCF2E I thumbed through the first edition and made some notes. The following chapters appear mostly or totally new: 1 (Real-World Incidents), 3 (Preparing for Incident Response), 4 (After Detection of an Incident), 9 (Evidence Handling), 10 (Computer System Storage Fundamentals), 11 (Data Analysis Techniques), 17 (Writing Computer Forensics Reports). Some chapters contain rewrites or new material: 2 (Intro to the IR Process), 5 (Live Data Collection from Windows), 6 (Live Data Collection from UNIX), 7 (Forensic Duplication), 8 (Collecting Network-based Evidence), and 14 (Analyzing Network Traffic). The remainder received minor rewrites. Some chapters from the first edition on IIS and application forensics were integrated elsewhere.

The most informative sections for me, as a reader of both editions, appear in chapters 7, 10, and 17. Chapter 7 lays down the law on differences between a "forensic duplication," a "qualified forensic duplication," and a "mirror image." Expert witnesses can turn to IRCF2E as a standard when testifying, thanks to this chapter's clarity and citations of "Daubert" and "Kumho." Chapter 10 nicely explains file systems and storage layers. Chapter 17 gives desperately needed guidance on writing forensics reports -- the part of an engagement the client really wants.

I found a few errata items, such as p. 61's reference to the PPA; it should be "Privacy Protection Act." On pp. 97-98, all of the "ps" tools should list the Sysinternals home page, not Foundstone. Despite my contribution of material to the network-oriented chapters of IRCF2E, don't believe that I advocate using laptops for monitoring duties (p. 179). Laptops and especially their NIC drivers are not built for packet capture in high speed environments.

IRCF2E is one of the few books in print where the word "forensics" deserves to be on the cover. Many prominent "forensics" titles deliver nothing useful to practitioners. As was the case with the first edition, investigators can use IRCF2E in operational environments to do real work. This book lays much of the groundwork for doing cases. Watch for "Real Digital Forensics" to be published next year, which walks readers through case-based evidence to teach how to collect, interpret, and analyze host- and network-based evidence.

Rating: 5
Summary: Excellent book on incident response
Comment: In one of the greatest legal maneuvers of the 20th century, lawyers for John DeLorean ingeniously convinced a jury in his drug-trafficking trial to ignore video evidence that directly implicated their client. If lawyers can talk jurors out of trusting their own eyes, then getting digital evidence of a computer crime thrown out should be child's play.

Incident Response: Investigating Computer Crime was written to prevent that latter scenario from occurring. This is a primer for the many information technology departments that are uninformed regarding how to identify and properly collect hard-to-find digital evidence.

The authors, both veterans in computer crime response, provide a remarkably well-documented overview of how to ensure that evidence left over from a computer crime is not compromised. The book details the proper courses of action to respond to computer breaches. Web sites and software tools are listed to ease the way for the investigator.

Since digital evidence is often the only substantiation of a computer crime, securing this evidence is paramount. This book shows how it's done, and anyone involved in computer security or incident response should know too.

Rating: 4
Summary: Excellent basic reference
Comment: I read the book in about three days and found it to be a good primer for one leaning towards computer forensics. While some of the technology and tools described in the book will undoubtedly change within the next few months, a lot of the basic principles will remain pertinent for a long time to come. I heartily recommend this book for anyone with more than just a casual interest in Computer Security.

Similar Books:

Title: Computer Forensics : Incident Response Essentials
by Warren G. Kruse II, Jay G. Heiser
ISBN: 0201707195
Publisher: Addison-Wesley Pub Co
Pub. Date: 26 September, 2001
List Price(USD): $44.99

Title: Hacking Exposed: Network Security Secrets & Solutions, Fourth Edition (Hacking Exposed)
by Stuart McClure, Joel Scambray, George Kurtz
ISBN: 0072227427
Publisher: McGraw-Hill Osborne Media
Pub. Date: 25 February, 2003
List Price(USD): $49.99

Title: Anti-Hacker Tool Kit
by Keith Jones, Mike Shema, Bradley Johnson
ISBN: 0072222824
Publisher: McGraw-Hill Osborne Media
Pub. Date: 25 June, 2002
List Price(USD): $59.99

Title: Handbook of Computer Crime Investigation: Forensic Tools & Technology
by Eoghan Casey
ISBN: 0121631036
Publisher: Academic Press
Pub. Date: 15 October, 2001
List Price(USD): $39.95

Title: Malicious Mobile Code: Virus Protection for Windows (O'Reilly Computer Security)
by Roger A. Grimes
ISBN: 156592682X
Publisher: O'Reilly & Associates
Pub. Date: August, 2001
List Price(USD): $39.95

Copyright © 2001-2021