Rating:
(33 reviews)
Author: Chris Prosise
ISBN : 007222696X
New from $21.10
Format: PDF
Download for free books Free Incident Response and Computer Forensics, Second Edition from 4shared, mediafire, hotfile, and mirror link
Written by FBI insiders, this updated best-seller offers a look at the legal, procedural, and technical steps of incident response and computer forensics. Including new chapters on forensic analysis and remediation, and real-world case studies, this revealing book shows how to counteract and conquer today’s hack attacks.
Books with free ebook downloads available Free Incident Response and Computer Forensics, Second Edition
- Paperback: 507 pages
- Publisher: McGraw-Hill/Osborne; 2 edition (July 17, 2003)
- Language: English
- ISBN-10: 007222696X
- ISBN-13: 978-0072226966
- Product Dimensions: 1.1 x 7.3 x 9 inches
- Shipping Weight: 2 pounds (View shipping rates and policies)
Free Incident Response and Computer Forensics, Second Edition
I am a senior engineer for network security operations. I am a graduate of the flagship session of the System Administration, Networking, and Security institute's Forensics, Investigations, and Response Education (SANS FIRE) program. "Incident Response" (IR) should have been the textbook for that program. It is the most definitive work I've read on incident response and computer forensics. I highly recommend every security professional take advantage of this book.IR starts with a revealing case study, and follows through with additional mini-studies and "eye witness reports" based on the authors' experiences. It provides plenty of clear diagrams and charts to reinforce key points, like the innovative "hard drive layers" outlined in chapter five. Most every mention of a command line program is followed by an example of that command in action, either via screenshot or text sample. These examples let readers try similar commands on their own workstations, reinforcing the authors' investigative directions.
Beyond the excellent presentation of technical material, IR frames its discussion of incident response and computer forensics in a practical investigative methodology. My SANS FIRE training repeatedly stressed the importance of documentation, policies, processes, and methodology when performing forensic work worthy of adversarial legal scrutiny. IR's attention to detail helps investigators collect evidence in a professional, repeatable, forensically sound manner.
Having appeared in court to defend their investigations, the authors share their knowledge and emphasize crucial steps to avoid forensic pitfalls. (An example is a DOS boot floppy's interaction with the DRVSPACE.BIN file. IR explains how to avoid this issue in detail.
First, full disclosure: the publisher sent me a free review copy, I used to work for Mandia and now work with Prosise and Pepe, and I contributed material incorporated into chapters 8 and 14. I still think "Incident Response and Computer Forensics, 2nd Edition" (IRCF2E) is the best forensics book on the market. Notice I said "forensics." It's significant that the first edition's title was "Incident Response: Investigating Computer Crime." While IRCF2E contains plenty of IR material, I sense a shift away from computer security and towards the legal world in this second edition.
Readers of the first edition will want to know what's new. While reading IRCF2E I thumbed through the first edition and make some notes. The following chapters appear mostly or totally new: 1 (Real-World Incidents), 3 (Preparing for Incident Response), 4 (After Detection of an Incident), 9 (Evidence Handling), 10 (Computer System Storage Fundamentals), 11 (Data Analysis Techniques), 17 (Writing Computer Forensics Reports). Some chapters contain rewrites or new material: 2 (Intro to the IR Process), 5 (Live Data Collection from Windows), 6 (Live Data Collection from UNIX), 7 (Forensic Duplication), 8 (Collecting Network-based Evidence), and 14 (Analyzing Network Traffic). The remainder received minor rewrites. Some chapters from the first edition on IIS and application forensics were integrated elsewhere.
The most informative sections for me, as a reader of both editions, appear in chapters 7, 10, and 17. Chapter 7 lays down the law on differences between a "forensic duplication," a "qualified forensic duplication," and a "mirror image.