Qty:1
  • List Price: $59.00
  • Save: $19.75 (33%)
Only 7 left in stock.
Ships from and sold by Amazon.com.
Gift-wrap available.
Incident Response and Com... has been added to your Cart
FREE Shipping on orders over $35.
Used: Very Good | Details
Condition: Used: Very Good
Comment: Very clean cover - light shelf wear. Pages are crisp, clean and unmarked. Solid spine and tight binding. Secured in poly bag for extra protection.
Access codes and supplements are not guaranteed with used items.
Have one to sell? Sell on Amazon
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See all 2 images

Incident Response and Computer Forensics, Second Edition Paperback – July 17, 2003

ISBN-13: 978-0072226966 ISBN-10: 007222696X Edition: 2nd

Buy New
Price: $39.25
18 New from $7.48 54 Used from $0.01
Amazon Price New from Used from
Paperback
"Please retry"
$39.25
$7.48 $0.01

There is a newer edition of this item:

$39.25 FREE Shipping. Only 7 left in stock. Ships from and sold by Amazon.com. Gift-wrap available.

Frequently Bought Together

Incident Response and Computer Forensics, Second Edition + The Computer Incident Response Planning Handbook:  Executable Plans for Protecting Information at Risk
Price for both: $78.58

Buy the selected items together

Customers Who Bought This Item Also Bought

NO_CONTENT_IN_FEATURE

Shop the new tech.book(store)
New! Introducing the tech.book(store), a hub for Software Developers and Architects, Networking Administrators, TPMs, and other technology professionals to find highly-rated and highly-relevant career resources. Shop books on programming and big data, or read this week's blog posts by authors and thought-leaders in the tech industry. > Shop now

Product Details

  • Paperback: 507 pages
  • Publisher: McGraw-Hill/Osborne; 2 edition (July 17, 2003)
  • Language: English
  • ISBN-10: 007222696X
  • ISBN-13: 978-0072226966
  • Product Dimensions: 7.5 x 1 x 9.2 inches
  • Shipping Weight: 2 pounds (View shipping rates and policies)
  • Average Customer Review: 4.4 out of 5 stars  See all reviews (33 customer reviews)
  • Amazon Best Sellers Rank: #213,106 in Books (See Top 100 in Books)

Editorial Reviews

Amazon.com Review

A strong system of defenses will save your systems from falling victim to published and otherwise uninventive attacks, but even the most heavily defended system can be cracked under the right conditions. Incident Response aims to teach you how to determine when an attack has occurred or is underway--they're often hard to spot--and show you what to do about it. Authors Kevin Mandia and Chris Prosise favor a tools- and procedures-centric approach to the subject, thereby distinguishing this book from others that catalog particular attacks and methods for dealing with each one. The approach is more generic, and therefore better suited to dealing with newly emerging attack techniques.

Anti-attack procedures are presented with the goal of identifying, apprehending, and successfully prosecuting attackers. The advice on carefully preserving volatile information, such as the list of processes active at the time of an attack, is easy to follow. The book is quick to endorse tools, the functionalities of which are described so as to inspire creative applications. Information on bad-guy behavior is top quality as well, giving readers knowledge of how to interpret logs and other observed phenomena. Mandia and Prosise don't--and can't--offer a foolproof guide to catching crackers in the act, but they do offer a great "best practices" guide to active surveillance. --David Wall

Topics covered: Monitoring computer systems for evidence of malicious activity, and reacting to such activity when it's detected. With coverage of Windows and Unix systems as well as non-platform-specific resources like Web services and routers, the book covers the fundamentals of incident response, processes for gathering evidence of an attack, and tools for making forensic work easier. --This text refers to an out of print or unavailable edition of this title.

Review

"... poorly trained network administrators and the lack of firewalls and intrustion detection systems still make it difficult to find the source and strategy of the attack." Computerworld article (8/21/00) on Incident Response featuring David Dittrich, a researcher who spoke at the Usenix Security Symposium." --This text refers to an out of print or unavailable edition of this title.

More About the Authors

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

I read this book cover to cover.
Hoser
I highly recommend Incident Response to anyone interested in the field of computer forensics and network security.
Travis Reese
I don't know these guys, but I'd sure like to shake their hands for a job well done!
Craig Ball

Most Helpful Customer Reviews

35 of 37 people found the following review helpful By Richard Bejtlich on August 15, 2001
Format: Paperback
I am a senior engineer for network security operations. I am a graduate of the flagship session of the System Administration, Networking, and Security institute's Forensics, Investigations, and Response Education (SANS FIRE) program. "Incident Response" (IR) should have been the textbook for that program. It is the most definitive work I've read on incident response and computer forensics. I highly recommend every security professional take advantage of this book.
IR starts with a revealing case study, and follows through with additional mini-studies and "eye witness reports" based on the authors' experiences. It provides plenty of clear diagrams and charts to reinforce key points, like the innovative "hard drive layers" outlined in chapter five. Most every mention of a command line program is followed by an example of that command in action, either via screenshot or text sample. These examples let readers try similar commands on their own workstations, reinforcing the authors' investigative directions.
Beyond the excellent presentation of technical material, IR frames its discussion of incident response and computer forensics in a practical investigative methodology. My SANS FIRE training repeatedly stressed the importance of documentation, policies, processes, and methodology when performing forensic work worthy of adversarial legal scrutiny. IR's attention to detail helps investigators collect evidence in a professional, repeatable, forensically sound manner.
Having appeared in court to defend their investigations, the authors share their knowledge and emphasize crucial steps to avoid forensic pitfalls. (An example is a DOS boot floppy's interaction with the DRVSPACE.BIN file. IR explains how to avoid this issue in detail.
Read more ›
2 Comments Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
18 of 19 people found the following review helpful By Richard Bejtlich on October 15, 2003
Format: Paperback
First, full disclosure: the publisher sent me a free review copy, I used to work for Mandia and now work with Prosise and Pepe, and I contributed material incorporated into chapters 8 and 14. I still think "Incident Response and Computer Forensics, 2nd Edition" (IRCF2E) is the best forensics book on the market. Notice I said "forensics." It's significant that the first edition's title was "Incident Response: Investigating Computer Crime." While IRCF2E contains plenty of IR material, I sense a shift away from computer security and towards the legal world in this second edition.

Readers of the first edition will want to know what's new. While reading IRCF2E I thumbed through the first edition and make some notes. The following chapters appear mostly or totally new: 1 (Real-World Incidents), 3 (Preparing for Incident Response), 4 (After Detection of an Incident), 9 (Evidence Handling), 10 (Computer System Storage Fundamentals), 11 (Data Analysis Techniques), 17 (Writing Computer Forensics Reports). Some chapters contain rewrites or new material: 2 (Intro to the IR Process), 5 (Live Data Collection from Windows), 6 (Live Data Collection from UNIX), 7 (Forensic Duplication), 8 (Collecting Network-based Evidence), and 14 (Analyzing Network Traffic). The remainder received minor rewrites. Some chapters from the first edition on IIS and application forensics were integrated elsewhere.

The most informative sections for me, as a reader of both editions, appear in chapters 7, 10, and 17. Chapter 7 lays down the law on differences between a "forensic duplication," a "qualified forensic duplication," and a "mirror image.
Read more ›
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
20 of 22 people found the following review helpful By A Customer on June 26, 2001
Format: Paperback
I got an advanced copy of this book and I must say that it was not dissappointing. After reading hacking exposed, I expected usefull material from the Foundstone people and they have really come through with this book. There aren't that many good IR books out there. This has set a good standard.
Like the Hacking Exposed book, you need to sit down at a computer when reading IR. With any technical book, the real values comes with using the tools and techniques that the book describes at the computer and learning the ins and outs.
I wonder if they have the second addition already in the works?
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
16 of 18 people found the following review helpful By Craig Ball on January 21, 2004
Format: Paperback
As an attorney and a formally-trained computer forensics examiner and instructor who has been tilling the fields of digital evidence for some time, I'm always on the prowl for the next great computer forensics tool or text that's going to help me find the next smoking gun...or at least be confident I haven't overlooked it. I've built a substantial library of books and articles on computer forensics, some very good and some a complete waste of money. But, this book is the best of the best.
From its step-by-step detail of the forensic process to its copious and helpful illustrations and screen shots to its unvarnished discussion of the tools in the marketplace, the second edition of Incident Response and Computer Forensics is, for my money, the most valuable resource any computer forensic examiner could have on their shelf. Many of the techniques and shortcuts detailed are "trade secrets" in that I've never seen them described in print. Unlike other forensic guides that assume the reader owns a costly forensic software suite, this book fairly splits its emphasis between Linux tools, shareware and the best software packages. That means the reader can begin the learning process at once, without investing anything more than their time and interest.
Another strength is that the book neither presupposes a too-high level of knowledge or experience nor dumbs down its content such that an expert wouldn't derive any value. There's something here for everyone who cares about computer forensics, from the neophyte to the grizzled veteran. When I paid $50.00 for this tome at a big box bookstore, I worried I was paying too much. Now, I'd think it cheap at twice the price.
Read more ›
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again

Most Recent Customer Reviews