Book details of 'Incident Response: Computer Forensics Toolkit'

Title: Incident Response: Computer Forensics Toolkit
Author(s): Douglas Schweitzer
ISBN: 0764526367
Language: English
Published: April 2003
Publisher: Wiley

Shelf: Computer security

The Virtual Bookcase Reviews of 'Incident Response: Computer Forensics Toolkit':

Reviewer Rob Slade wrote:
The title talks about incident response. The subtitle talks about computer forensics. The introduction doesn't clear up the confusion. Is the book about forensics? Response? Does Schweitzer think that forensics (and which kind?) is the only response there is? Chapter one is supposed to be an introduction to forensic and response essentials. It is a vague and disorganized grab bag of issues. (A section entitled "Recognizing the Signs of an Incident" talks about the fact that you should respond properly, and one supposedly addressing issues around preparation suggests that there is a need for response to incidents. A two page list of characteristics of various operating systems provides such amazing advice as that MS-DOS has text on a black screen, while Windows has colours.) In any case, the response to an incident is the same: pull the plug. Legal issues are said to be the topic of chapter two: it lists some US laws related to computers. Some items that should be examined in computer or network forensic investigations are tabulated in chapter three. Chapter four has miscellaneous information about the Registry and file systems. Processes (on Windows) and some indications of the potential presence of a backdoor (or simply the fact that parts of your operating system are running) make up chapter five. Chapter six has random and incomplete data on utilities and items that might hold information. Procedures for collecting evidence, and lots of other material, are in chapter seven. The advice on containment of incidents, in chapter eight, seems to be limited to "pull the plug." Chapter nine has incomplete recommendations for business continuity and disaster recovery. The response to different kinds of threats, in chapter ten, is terse, and the largest space is given to a discussion of sexual harassment.
Chapter eleven is supposed to be dedicated to assessing system security in order to prevent further attacks: there is limited advice on hardening Windows, and some directions on general security reviews. A list of miscellaneous computer attacks and incidents closes off the book in chapter twelve. The book is randomly structured, disorganized in terms of the written material, and excessively verbose. There is some coverage in regard to computer forensics for those with no experience in the field, but nothing that can't be found elsewhere, with much less work, and in a more complete state.
Copyright Robert M. Slade, 2005

Book description:

Your in-depth guide to detecting network breaches, uncovering evidence, and preventing future attacks.

Whether it's from malicious code sent through an e-mail or an unauthorized user accessing company files, your network is vulnerable to attack. Your response to such incidents is critical. With this comprehensive guide, Douglas Schweitzer arms you with the tools to reveal a security breach, gather evidence to report the crime, and conduct audits to prevent future attacks. He also provides you with a firm understanding of the methodologies for incident response and computer forensics, Federal Computer Crime law information and evidence requirements, legal issues, and how to work with law enforcement.

You'll learn how to:
* Recognize the telltale signs of an incident and take specific response measures
* Search for evidence by preparing operating systems, identifying network devices, and collecting data from memory
* Analyze and detect when malicious code enters the system and quickly locate hidden files
* Perform keyword searches, review browser history, and examine Web caches to retrieve and analyze clues
* Create a forensics toolkit to properly collect and preserve evidence
* Contain an incident by severing network and Internet connections, and then eradicate any vulnerabilities you uncover
* Anticipate future attacks and monitor your system accordingly
* Prevent espionage, insider attacks, and inappropriate use of the network
* Develop policies and procedures to carefully audit the system

CD-ROM includes:
* Helpful tools to capture and protect forensic data; search volumes, drives, and servers for evidence; and rebuild systems quickly after evidence has been obtained
* Valuable checklists developed by the author for all aspects of incident response and handling

Book Info
Guide provides the tools needed to reveal a security breach, gather evidence to report the crime, and conduct audits to prevent future attacks. Provides an understanding of the methodologies for incident response and computer forensics, Federal Computer Crime law investigation, legal issues, and how to work with law enforcement. Softcover.

About the Author
DOUGLAS SCHWEITZER is an Internet security specialist and authority on malicious code and computer forensics. He is a Cisco Certified Network Associate and Certified Internet Webmaster Associate, and holds A+, Network+, and i-Net+ certifications. Schweitzer is also the author of Internet Security Made Easy and Securing the Network from Malicious Code.

The Virtual Bookcase is created and maintained by Koos van den Hout. Contact e-mail webmaster@virtualbookcase.com.
Copyright © 2000-2008 Koos van den Hout / The Virtual Bookcase