Customer Reviews


9 Reviews
5 star: (5)
4 star: (3)
3 star: (0)
2 star: (1)
1 star: (0)
 
 
 
 
 

The most helpful favorable review
The most helpful critical review


10 of 11 people found the following review helpful:
4.0 out of 5 stars Readable and relevant - but US-centric
The introduction describes this book as a "complete introductory course in basic computer forensics and incident response" and that is indeed the case. It begins with an overview of computer forensics and incident response in Chapter 1 and progresses to legal considerations, obtaining and preserving digital evidence, system internals (mostly Windows although Unix is also...
Published on March 26, 2004 by E. Danielyan

versus
8 of 9 people found the following review helpful:
2.0 out of 5 stars Fair introductory text, could be much better.
The author covers different aspects of incident response, but fails to go deeper in the matter.

The author talks briefly about types of attacks, briefly about forensics tools, and briefly about the incident response procedures. Such shallow coverage of the topics makes for a quite disappointing read.

On the other hand he offers the readers complete text of USA...

Published on January 24, 2004 by Tom Grozny



10 of 11 people found the following review helpful:
4.0 out of 5 stars Readable and relevant - but US-centric, March 26, 2004
This review is from: Incident Response: Computer Forensics Toolkit (Paperback)
The introduction describes this book as a "complete introductory course in basic computer forensics and incident response" and that is indeed the case. It begins with an overview of computer forensics and incident response in Chapter 1 and progresses to legal considerations, obtaining and preserving digital evidence, system internals (mostly Windows although Unix is also discussed) and ends with analysis of real-world attacks and possible defences in Chapter 12. Press references and citations are used to give the big picture. All in all this is a book which I would recommend with two "buts": first, the author is writing from a US perspective for a US reader, presenting and discussing US-specific legislation and legal issues; while this would be of direct interest to our US-based brethren it is of not much use to anyone else. Second, platform-dependent coverage is mostly Windows, and although Linux/Unix get mentioned throughout the book the coverage of UNIX internals and forensics is not on par with Windows counterparts. Having said this, if you are in the US and are using Windows, do get this book - it is a readable and straight introduction to a complex and interesting field which becomes more and more important.


8 of 9 people found the following review helpful:
2.0 out of 5 stars Fair introductory text, could be much better., January 24, 2004
By Tom Grozny (Ottawa, Ontario Canada)
This review is from: Incident Response: Computer Forensics Toolkit (Paperback)
The author covers different aspects of incident response, but fails to go deeper in the matter.

The author talks briefly about types of attacks, briefly about forensics tools, and briefly about the incident response procedures. Such shallow coverage of the topics makes for a quite disappointing read.

On the other hand he offers the readers complete text of USA Patriot Act 2001 - with little discussion of its implications, privacy concerns and its impact on the organizational security! Readers also get treated to full texts of Janet Renot(sp?) speeches - also with little explanation. Seems he tried to increase the word count of the book.

Forensics tools are mentioned with instructions to run them starting as "Step 1:Click the Start menu button". Every tool has a half a page description on how to start it with a screenshot taking up the rest of the page.

Forensics techniques are described, but the author presents this quite technical material in the abstract, easy-to-read form that takes away all the usefulness of it - reads like a summary.

Incident response chapters present the reader with the common sense material. Might be useful to get an idea of what is involved in developing an incident response process, but it's hard to find it practical - it's simply too general.

A fair introductory book, could be much better.



4 of 4 people found the following review helpful:
5.0 out of 5 stars Excellent Book on the Subject of Computer Incident Response, July 15, 2003
By Tony Bradley (Internet / Network Security)
This review is from: Incident Response: Computer Forensics Toolkit (Paperback)
Incident Response is a must-read book for anyone who has to handle computer security incidents. It is written in an easy-to-read format that even those new to the subject can follow, while providing enough depth and detail to be valuable as a reference book for experienced professionals. The appendix on the provisions of the USA PATRIOT Act and its impact on information security along with the CD containing many useful freeware and trialware software programs are worth the cost of the book in and of themselves. If you are in a position where you need to know how to respond when a computer incident occurs, or if you just want to learn more about this subject this book is a great place to start.


3 of 4 people found the following review helpful:
5.0 out of 5 stars Necessary, timely, and on the mark. A must have book., June 5, 2003
By Angel Gomez, Ph.D. (Sunny, Rainy, sometimes both Florida)
This review is from: Incident Response: Computer Forensics Toolkit (Paperback)
Once again, author Douglas Schweitzer takes his candid no-nonsense approach to security issues. Intrusion is at an all-time high and finding the right answers can be elusive. That is what gives significant value to this book. It is concise and pertinent to the issue at hand.


3 of 4 people found the following review helpful:
5.0 out of 5 stars AWESOME WORK...ONCE AGAIN, May 27, 2003
This review is from: Incident Response: Computer Forensics Toolkit (Paperback)
Mr Schweitzer has hit the nail on the head once again! The subject matter is extremely timely and accurate.

This book is a must have for any network administrator as well as a small business with stand alone PCs. You never know what your employees are doing with their computers.

I found the book extremely helpful and easy to read. It provides the technical guidance without being too over technical. Also, the added free resources that are provided pay for the book.



4.0 out of 5 stars Covers the Basics, December 7, 2005
This review is from: Incident Response: Computer Forensics Toolkit (Paperback)
This book provides a good introduction to computer forensics and covers most of the necessary basic information. Do not expect to read this book (or any of the other computer forensic books available) and be able to perform any sort of in-depth forensic analysis. It's good information for Sys Admins or tech-savvy home users. Those needing professional-level information for their job (computer security, law enforcement, etc) should look to 5-6 day courses that provide in-depth, hands-on training.

Again, as an introductory text on computer forensics, the book is good. Chapter 7 (Procedures for Collecting and Preserving Evidence) could use a little beefing-up with respect to boot disks. It is admirable that the author shows how to create Windows and Linux boot disks, but they don't provide any other benefit (no tools, etc). He should have mentioned freeware liveCDs for both Windows and Linux, such as the "Ultimate Boot CD for Windows" and "Helix" for Linux (search the web). Not only are they bootable media, they have tools useful for forensic analysis.


1 of 1 people found the following review helpful:
5.0 out of 5 stars Timely and worthwhile!, January 23, 2004
By Marcus J. Ranum (Morrisdale, PA United States) (REAL NAME)
This review is from: Incident Response: Computer Forensics Toolkit (Paperback)
This book gives the reader a solid grounding in a difficult field. Since forensics and response are an area where you're up against a creative enemy, it's impossible to give the reader a cookbook approach. Schweitzer gives the reader the tools and framework necessary to begin tackling this very difficult problem. I'm really happy to see this book available on the market, since the problem it addresses is one that's getting worse all the time and shows no sign of getting better soon.

Good job, Doug!

mjr.



5.0 out of 5 stars Right on the button, January 19, 2004
This review is from: Incident Response: Computer Forensics Toolkit (Paperback)
A well considered and well structured work for the IT professional.

The book is fast paced and wisely does not get dragged down with too much detail and 'how to' guides. It provided the knowledge and check lists to enable the reader to react appropriately to an IT emergency or situation where a forensic approach is required.

Its clear structure will enable me to use the book as a reference work in the future.

The included CDROM was useful although in the future a PDF guide of each file would have been a handy reference. It would have also been nice to have seen the free tools mentioned in the book included on the disk.

Overall an excellent read; I will look out for Douglas Schweitzer books again.



1 of 2 people found the following review helpful:
4.0 out of 5 stars Informative, September 25, 2003
This review is from: Incident Response: Computer Forensics Toolkit (Paperback)
This is one of the most recent releases (in year 2003) on the topic, and it is informative in technical, procedure-wide, and legal considerations.

There is room for improvement in structuring between paragraphs and addition of more detailed information. Jumping into Chapter 7 - Procedures for Collecting and Preserving Evidence:

First area of improvement - Right after the section on Understanding Volatility of Evidence is Creating a Real-Mode Forensic Boot Disk. The heading of each section could be made clearer by using numbering. It is a bit confusing when you talk about volatile information and then in the next section about creating a Boot Disk that is for inspecting non-volatile information.

Second area of improvement - Regarding importance of evidence preservation, the book does not teach you HOW - e.g. technically using MD5 and procedure-wide asking third party and/or suspect to verify information obtained.

Overall, it is a good reference book for getting to know computer forensics.

Final word: One thing about the book I like is the inclusion of a software version on the CD, which is handy for reading it when needed.




This product

Incident Response: Computer Forensics Toolkit by Douglas Schweitzer (Paperback - April 11, 2003)