The Virtual Bookcase Reviews of 'Computer Forensics : Incident Response Essentials':
Reviewer amazon.com wrote:
Computer security is a crucial aspect of modern information management, and one of the latest buzzwords is incident response--detecting and reacting to security breaches. Computer Forensics offers information professionals a disciplined approach to implementing a comprehensive incident-response plan, with a focus on being able to detect intruders, discover what damage they did, and hopefully find out who they are. There is little doubt that the authors are serious about cyberinvestigation. They advise companies to "treat every case like it will end up in court," and although this sounds extreme, it is good advice. Upon detecting a malicious attack on a system, many system administrators react instinctively. This often involves fixing the problem with minimal downtime, then providing the necessary incremental security to protect against an identical attack. The authors warn that this approach often contaminates evidence and makes it difficult to track the perpetrator. This book describes how to maximize system uptime while protecting the integrity of the "crime scene."
The bulk of Computer Forensics details the technical skills required to become an effective electronic sleuth, with an emphasis on providing a well-documented basis for a criminal investigation. The key to success is becoming a "white hat" hacker in order to combat the criminal "black hat" hackers. The message is clear: if you're not smart enough to break into someone else's system, you're probably not smart enough to catch someone breaking into your system. In this vein, the authors use a number of technical examples and encourage the readers to develop expertise in Unix/Linux and Windows NT fundamentals. They also provide an overview of a number of third-party tools, many of which can be used for both tracking hackers and to probe your own systems. The authors explain their investigative techniques via a number of real-world anecdotes.
It is striking that many of the same hacks detailed in Cliff Stoll's classic The Cuckoo's Egg are still in use over 10 years later--both on the criminal and investigative fronts. It is up to individual companies whether or not to pursue each attempted security violation as a potential criminal case, but Computer Forensics provides a strong argument to consider doing so. --Pete Ostenson
Topics covered: Overview of computer crime investigative response, including extensive descriptions of hacking techniques. Frequent examples are used to demonstrate how to extract evidence from a violated computer system. Appendices include sample incident-response forms.
Reviewer Rob Slade wrote:
I'm still disappointed that authors seem to think computer forensics
is limited to data recovery, but this work at least has utility value
going for it.
Chapter one is a rough outline of data recovery, with an emphasis on
documentation and the chain of evidence. Basic information about IP
addressing, for the purpose of tracing intruders, is given in chapter
two: it is useful and does not drown the reader in inconsequential
details. (There is an oddly vitriolic dismissal of the story of the
origin of the term for Packet INternet Groper.) A valuable discussion
of email headers, and a very terse outline of intrusion detection
systems (IDS) are also included. Hard drive basics and concepts are
given in chapter three. The material is generally good, but some
points on imaging and connecting are passed over rather quickly.
Chapter four has a reasonable high-level overview of encryption
abstractions, but it is difficult to see the immediate relevance of
the material to forensics. "Data Hiding," chapter five, contains some
meandering topics that range from password cracking to NTFS (NT File
System) streams to steganography. A few tools for dealing with these
problems are listed. The description of hostile code, in chapter six,
matches that of weeds in gardening: anything you don't want. It is,
therefore, unsurprising to find that the content, while basically
sound, is not particularly structured or helpful.
A list of software (and some hardware) tools is described in chapter
seven. Chapter eight explains a number of points about the Windows
operating system that might affect data recovery and forensics. (The
material discussed is not, unfortunately, exhaustive, although it is
very useful as far as it goes.) The introduction to UNIX, in chapter
nine, is more structured and detailed, although it examines fewer
specific tools. Chapter ten's general overview of an attack on a UNIX
system is fairly standard, although there is a useful table of
commonly compromised system utilities. A wide variety of tools and
commands for collecting information from and about UNIX systems is
given briefly in chapter eleven.
Chapter twelve is a short introduction to general concepts in the (US)
law enforcement system. The last chapter is a rather abrupt finish to
the book. There are seven appendices, the most useful of which is a
handy point form overview of incident response activities.
Computer forensics books are starting to come out of the woodwork, and
most offer such sage advice as "gather evidence" and "don't mess up
the chain of custody." This book does tend to follow the same style
and tone, but also has very valuable tips for practical work. It
won't help you much in analysis, but it will help you become better at
collecting data that will stand up in court.
copyright Robert M. Slade, 2002