Incident Response: Investigating Computer Crime [Paperback]

Kevin Mandia , Chris Prosise
4.7 out of 5 stars (26 customer reviews)

Product Details

Paperback, Jun 21 2001
There is a newer edition of this item: Incident Response & Computer Forensics, 2nd Ed.

Product Description

From Amazon

Incident Response aims to teach you how to determine when an attack has occurred or is underway--they're often hard to spot--and show you what to do about it. A strong system of defences will save your systems from falling victim to published and otherwise uninventive attacks, but even the most heavily defended system can be cracked under the right conditions. Authors Kevin Mandia and Chris Prosise favour a tools- and procedures-centric approach to the subject, thereby distinguishing this book from others that catalogue attacks and methods for dealing with each. The approach is more generic and therefore better suited to dealing with newly emerging attack techniques.

Anti-attack procedures are presented with the goal of identifying, apprehending and successfully prosecuting attackers. The advice on carefully preserving volatile information, such as the list of processes active at the time of an attack, is easy to follow. The book is quick to endorse tools, the functionalities of which are described so as to inspire creative applications. Information on bad-guy behaviour is top-quality as well, giving readers knowledge of how to interpret logs and other observed phenomena. Mandia and Prosise don't--and can't--offer a foolproof guide to catching crackers in the act, but they do offer a great "best practices" guide to active surveillance. --David Wall

Topics covered: Monitoring computer systems for evidence of malicious activity and reacting to such activity when it's detected. With coverage of Windows and Unix systems as well as non-platform-specific resources like Web services and routers, the book covers the fundamentals of incident response, processes for gathering evidence of an attack and tools for making forensic work easier.

Review

"... poorly trained network administrators and the lack of firewalls and intrusion detection systems still make it difficult to find the source and strategy of the attack." Computerworld article (8/21/00) on Incident Response featuring David Dittrich, a researcher who spoke at the Usenix Security Symposium.

Inside This Book

First Sentence: Computers are continually changing the face of crime and computer security.


Customer Reviews

26 Reviews
5 star: 21
4 star: 2
3 star: 2
2 star: 1
1 star: 0

Average Customer Review: 4.7 out of 5 stars (26 customer reviews)
Most helpful customer reviews

4.0 out of 5 stars Excellent basic reference, May 14 2004
By Brian Saloum (United States)
I read the book in about three days and found it to be a good primer for one leaning towards computer forensics. While some of the technology and tools described in the book will undoubtedly change within the next few months, a lot of the basic principles will remain pertinent for a long time to come. I heartily recommend this book for anyone with more than just a casual interest in Computer Security.


5.0 out of 5 stars The Very Best Computer Forensics Primer Out There (1/04), Jan 21 2004
As an attorney and a formally-trained computer forensics examiner and instructor who has been tilling the fields of digital evidence for some time, I'm always on the prowl for the next great computer forensics tool or text that's going to help me find the next smoking gun...or at least be confident I haven't overlooked it. I've built a substantial library of books and articles on computer forensics, some very good and some a complete waste of money. But, this book is the best of the best.

From its step-by-step detail of the forensic process to its copious and helpful illustrations and screen shots to its unvarnished discussion of the tools in the marketplace, the second edition of Incident Response and Computer Forensics is, for my money, the most valuable resource any computer forensic examiner could have on their shelf. Many of the techniques and shortcuts detailed are "trade secrets" in that I've never seen them described in print. Unlike other forensic guides that assume the reader owns a costly forensic software suite, this book fairly splits its emphasis between Linux tools, shareware and the best software packages. That means the reader can begin the learning process at once, without investing anything more than their time and interest.

Another strength is that the book neither presupposes a too-high level of knowledge or experience nor dumbs down its content such that an expert wouldn't derive any value. There's something here for everyone who cares about computer forensics, from the neophyte to the grizzled veteran. When I paid $50.00 for this tome at a big box bookstore, I worried I was paying too much. Now, I'd think it cheap at twice the price.

As another reviewer pointed out, it doesn't devote a chapter to the law, but that is not to say that legal considerations are ignored. To the contrary, I think the authors do an excellent job of giving a useful "heads-up" where needed and not moving out of their depth.

I don't know these guys, but I'd sure like to shake their hands for a job well done! Thanks.

Craig Ball is an attorney and certified computer forensic examiner based in Montgomery, Texas, who teaches and consults with attorneys and the courts on matters of computer forensics and electronic discovery.



2.0 out of 5 stars mediocre, Nov 28 2003
The book gives a decent overview on the field, but lacks technical accuracy. The authors fumble on technical details. For example, the authors botched the explanation of what happens when a unix file is deleted by claiming that all files with a link count of zero will be deleted. They also make the claim that only the SCSI interface will accommodate the multiple simultaneous communication that RAID requires - when really IDE will do this as well given proper firmware. Another gross oversight was the exclusion of reverse engineering in their investigation of rogue files chapter.

When emailing the authors about this, all three ignored the email. I do not recommend supporting authors that ignore their readers.
