Incident Response: Computer Forensics Toolkit Paperback – May 2 2003
Customers Who Bought This Item Also Bought
No Kindle device required. Download one of the Free Kindle apps to start reading Kindle books on your smartphone, tablet, and computer.
Getting the download link through email is temporarily not available. Please check back later.
To get the free app, enter your mobile phone number.
From the Back Cover
Your in-depth guide to detecting network breaches, uncovering evidence, and preventing future attacks
Whether its from malicious code sent through an e-mail or an unauthorized user accessing company files, your network is vulnerable to attack. Your response to such incidents is critical. With this comprehensive guide, Douglas Schweitzer arms you with the tools to reveal a security breach, gather evidence to report the crime, and conduct audits to prevent future attacks. He also provides you with a firm understanding of the methodologies for incident response and computer forensics, Federal Computer Crime law information and evidence requirements, legal issues, and how to work with law enforcement.
Youll learn how to:
- Recognize the telltale signs of an incident and take specific response measures
- Search for evidence by preparing operating systems, identifying network devices, and collecting data from memory
- Analyze and detect when malicious code enters the system and quickly locate hidden files
- Perform keyword searches, review browser history, and examine Web caches to retrieve and analyze clues
- Create a forensics toolkit to prop-erly collect and preserve evidence
- Contain an incident by severing network and Internet connections, and then eradicate any vulnerabilities you uncover
- Anticipate future attacks and monitor your system accordingly
- Prevent espionage, insider attacks, and inappropriate use of the network
- Develop policies and procedures to carefully audit the system
- Helpful tools to capture and protect forensic data; search volumes, drives, and servers for evidence; and rebuild systems quickly after evidence has been obtained
- Valuable checklists developed by the author for all aspects of incident response and handling
About the Author
DOUGLAS SCHWEITZER is an Internet security specialist and authority on malicious code and computer forensics. He is a Cisco Certified Network Associate and Certified Internet Webmaster Associate, and holds A+, Network+, and i-Net+ certifications. Schweitzer is also the author of Internet Security Made Easy and Securing the Network from Malicious Code.
Top Customer Reviews
Edgar Danielyan, CISSP
Author, SOLARIS 8 SECURITY and INFORMATION SECURITY QUALIFICATIONS HANDBOOK
The author talks briefly about types of attacks, briefly about forensics tools, and briefly about the incident response procedures. Such shallow coverage of the topics makes for a quite dissappointing read.
On the other hand he offers the readers complete text of USA Patriot Act 2001 - with little discussion of its implications, privacy concerns and its impact on the organizational security! Readers also get treated to full texts of Janet Renot(sp?) speeches - also with little explanation. Seems he tried to increase the word count of the book.
Forensics tools are mentioned with instructions to run them starting as "Step 1:Click the Start menu button". Every tool has a half a page description on how to start it with a screenshot taking up the rest of the page.
Forensics techniques are described, but the author presents this quite technical material in the abstract, easy-to-read form that takes away all the usefullness of it - reads like a summary.
Incident response chapters present the reader with the common sense material. Might be useful to get an idea of what is involved in developing a incident response process, but it's hard to find it practical - it's simply too general.
A fair introductory book, could be much better.
There are rooms for improvement in structurinng between paragraph and addition of more detailed information. Jumping in the Chapter 7 - Procedures for Collecting and Preserving Evidence:
First area of improvement - Right after the section in Underestanding Volatility of Evidence is Creating a Real-Mode Forensic Book Disk. Heading of each section can be more clear in using numbering. It is a bit confuse when you talk about volatile information and then in the next section in creating Boot Disk that is for inspecting non-volitale information.
Second area of improvement - Regarding importance of evidence preservation, the book does not teach you HOW - e.g. technically using MD5 and procedure wide asking third party and/or suspect to verify information obtained.
Overall, it is a good reference book in knowing computer forensic.
Final word: One thing about the book I like is the inclusion of software version in the CD which is handy for reading it when need.
The book is fast paced and wisely does not get dragged down with too much detail and 'how to' guides. It provided the knowledge and check lists to enable the reader to react appropriatly to an IT emergency or situation where a forensic approach is required.
It's clear structure will enable me to use the book as a reference work in the future.
The included CDROM was useful although in the future a PDF guide of each file would have been handy reference. It would have also been nice to have seen the free tools mentioned in the book included on the disk.
Overall an excellent read I will look out for Douglas Schweitzer books again.
Most recent customer reviews
This book gives the reader a solid grounding in a difficult field. Since forensics and response are an area where you're up against a creative enemy, it's impossible to give the... Read morePublished on Jan. 23 2004 by Marcus J. Ranum
Incident Response is a must-read book for anyone who has to handle computer security incidents. It is written in an easy-to-read format that even those new to the subject can... Read morePublished on July 15 2003 by Tony Bradley
Once again, author Douglas Schweitzer takes his candid no-nonsense approach to security issues. Intrusion is at an all time high and finding the right answers can be elusive. Read morePublished on June 5 2003 by Angel Gomez, Ph.D.
Look for similar items by category
- Books > Computers & Technology > Computer Science
- Books > Computers & Technology > History & Culture > Culture
- Books > Computers & Technology > History & Culture > Privacy
- Books > Computers & Technology > Internet & Social Media > Hacking
- Books > Computers & Technology > Networking & Cloud Computing > Networks, Protocols & APIs
- Books > Computers & Technology > Programming
- Books > Computers & Technology > Security & Encryption > Forensics
- Books > Computers & Technology > Software
- Books > Computers & Technology > Web Development > Security & Encryption > Encryption
- Books > Qualifying Textbooks - Fall 2007 > Computers & Internet
- Books > Textbooks > Computer Science & Information Systems > Networking