
Computer Forensics: Incident Response Essentials (ISBN 0201707195)



From Amazon.co.uk:
Computer security is a crucial aspect of modern information management, and one of the latest buzz words is "incident response"--detecting and reacting to security breaches. Computer Forensics offers information professionals a disciplined approach to implementing a comprehensive incident-response plan, with a focus on being able to detect intruders, discover what damage they did and hopefully find out who they are. There is little doubt that the authors are serious about cyber investigation. They advise companies to "treat every case like it will end up in court" and although this sounds extreme, it is good advice. Upon detecting a malicious attack on a system, many system administrators react instinctively. This often involves fixing the problem with minimal downtime, then providing the necessary incremental security to protect against an identical attack. The authors warn that this approach often contaminates evidence and makes it difficult to track the perpetrator. This book describes how to maximise system up-time while protecting the integrity of the "crime scene". The bulk of Computer Forensics details the technical skills required to become an effective electronic sleuth, with an emphasis on providing a well-documented basis for a criminal investigation. The key to success is becoming a "white hat" hacker in order to combat the criminal "black hat" hackers. The message is clear: if you're not smart enough to break into someone else's system, you're probably not smart enough to catch someone breaking into your system. In this vein, the authors use a number of technical examples and encourage the readers to develop expertise of UNIX/Linux and Windows NT fundamentals. They also provide an overview of a number of third-party tools, many of which can be used for both tracking hackers and for probing your own systems. The authors explain their investigative techniques via a number of real-world anecdotes. 
It is striking that many of the same hacks detailed in Cliff Stoll's classic The Cuckoo's Egg are still in use over 10 years later--both on the criminal and investigative fronts. It is up to individual companies whether or not to pursue each attempted security violation as a potential criminal case, but Computer Forensics provides a strong argument to consider doing so. --Pete Ostenson


Good reference for Computer forensics basics:
A well-organized book that begins with a clear and precise explanation of the basics of computer forensics. Chapter 3 provides good technical information on storage media. And it goes on to forensics in Windows and Unix from Chapter 8 through Chapter 11. The section I like the most is Appendix A, which gives you comprehensive guidelines for dealing with incident response (a good sell to senior management). It is not a technical reference book but it is one of those "have-to-have" introduction books for anyone who is new to this field.


An Intro to Computer Forensics.:
Computer Forensics: Incident Response Essentials by Warren G. Kruse and Jay G. Heiser. It is perhaps an unfortunate truth, but in today's world even small to mid-sized businesses need to understand the risks they face with computer crime. All businesses need to be able to respond in a proper and effective fashion according to their needs and situation. Computer Forensics: Incident Response Essentials is an excellent introduction to the tools, techniques and methodologies to use in the event that your business becomes a victim of computer crime or lesser, non-criminal computer misuse. All businesses large or small should have a structured plan in place to handle such an emergency and this book is a good first read if your company does not. As an NT Administrator I may not sleep as well after reading the section on NT Streams but at least I now know what to look for. Many tools and their uses are mentioned in the book and in many cases, including NT Streams, the tool is even free. The basic formula to conduct an incident response or investigation into a computer breach is covered. After all, if you can't find out what happened, how are you going to prevent it from happening again?


Very complete.:
This book presents, in very clear language, the essentials of searching for digital evidence. The cover is, moreover, very representative of the content, as the forensic sciences, and in particular those relating to computers, are taking on ever greater importance. Readers will find in the Guide du Cyberdétective, published by Editions Chiron, practical applications of these investigations in everyday life. The two works complement each other, although the latter exists for now only in French.


Outstanding book on forensics:
This is an outstanding book. Well written, very educational. If you're tasked with handling computer security incidents, you'll want to have a copy of this book on your bookshelf. The first chapter is an outstanding quick overview of the entire scope of incident response.


Excellent coverage, recommended reading.:
The authors did a great job covering forensics and response. Very thorough and easy to follow. I read this book in two evenings and use it as a reference as I audit my networks. Recommended.


Author:Warren G. Kruse
Author:Jay G. Heiser
Binding:Paperback
Dewey Decimal Number:005.8
EAN:9780201707199
Edition:1
ISBN:0201707195
Number Of Pages:416
Publication Date:2001-10-06
UPC:785342707199



Copyright © 1999-2009 Data Growth Pty Ltd. All rights reserved.