Rating:  Summary: Excellent basic reference Review: I read the book in about three days and found it to be a good primer for one leaning towards computer forensics. While some of the technology and tools described in the book will undoubtedly change within the next few months, a lot of the basic principles will remain pertinent for a long time to come. I heartily recommend this book for anyone with more than just a casual interest in Computer Security.
Rating:  Summary: Easily the best incident response work out there Review: I've been in networking and security for a couple of years now and this book got me fired up like no other book has since TCP/IP Illustrated Vol 1. In fact, I'd put this book on par with that one in terms of necessary reading. (You have to read both of them at least twice too.) I've read everything in this book except the Windows sections (not prejudice, we just don't run Windows so it's a lower priority; I'll definitely go back and read it) and this book rocks. An earlier review was a bit critical regarding the fact that the book spends more time on forensics than incident response and he was right. But I consider that an added bonus since incident response policies MUST include recovery steps. And recovery steps must include: where to look, how to look there, and what to look for. This book does all 3 very well while explaining things like chains-of-evidence that we tech-monkeys don't normally think about. What sets this book apart is the fact that they don't say things like "make sure you check for backdoor accounts" then move on. They say to look for backdoor accounts, then they tell you what tools to use, where to get them, how to use them, and where to look on specific OSs. I wouldn't trade this knowledge for 100 high-level policies. As a router guy, I was curious to see what they could tell me about router security (Cisco-centric section) and was pleasantly surprised at the insights they brought by looking from an incident response perspective. As a CISSP I know at least a little bit about most security-related threats/software/procedures, but obviously we can always learn more. This book serves to remind us what a true security bada55 looks like (I refuse to use the word guru). I only hope I can meet these guys at the upcoming SANS conference. (SD-Oct2001)
Rating:  Summary: Excellent guide to Incident Response Review: In a field where sound methodology and comprehensive knowledge are absolutely critical, this book is an excellent guide for anyone conducting incident response and computer crime investigations. It is suited for a diverse audience ranging from senior managers to network security interns. Individuals trying to enter this field often ask me where they should get started and what resources are available. I highly recommend Incident Response to anyone interested in the field of computer forensics and network security. I am confident that even the most seasoned computer forensic analysts will learn a few new tricks from this material. I am eagerly awaiting the second edition and hoping for even more advanced concepts.
Rating:  Summary: Excellent book on incident response Review: In one of the greatest legal maneuvers of the 20th century, lawyers for John DeLorean ingeniously convinced a jury in his drug-trafficking trial to ignore video evidence that directly implicated their client. If lawyers can talk jurors out of trusting their own eyes, then getting digital evidence of a computer crime thrown out should be child's play. Incident Response: Investigating Computer Crime was written to prevent that latter scenario from occurring. This is a primer for the many information technology departments that are uninformed regarding how to identify and properly collect hard-to-find digital evidence. The authors, both veterans in computer crime response, provide a remarkably well-documented overview of how to ensure that evidence left over from a computer crime is not compromised. The book details the proper courses of action to respond to computer breaches. Web sites and software tools are listed to ease the way for the investigator. Since digital evidence is often the only substantiation of a computer crime, securing this evidence is paramount. This book shows how it's done, and anyone involved in computer security or incident response should know too.
Rating:  Summary: A revealing and authoritative instructional reference Review: Now in an updated and expanded second edition, Incident Response & Computer Forensics (007222696X; 544 pages; $49.99) is the collaborative effort of FBI insiders Chris Prosise & Kevin Mandia, who offer an expert presentation of the legal, procedural, and technical steps of incident response and computer forensics. Included are new chapters on forensic analysis and remediation, and real-world case studies. Incident Response & Computer Forensics is recommended as a revealing and authoritative instructional reference dedicated to showing users of all levels of experience just how to counteract and defend against contemporary computer hack attacks.
Rating:  Summary: An interesting book Review: Story, code, method, software and operating system. I think it is a useful book. Read the book without getting bored.
Rating:  Summary: mediocre Review: The book gives a decent overview on the field, but lacks technical accuracy. The authors fumble on technical details. For example, the authors botched the explanation of what happens when a unix file is deleted by claiming that all files with a link count of zero will be deleted. They also make the claim that only the SCSI interface will accommodate the multiple simultaneous communication that RAID requires - when really IDE will do this as well given proper firmware. Another gross oversight was the exclusion of reverse engineering in their investigation of rogue files chapter. When emailing the authors about this, all three ignored the email. I do not recommend supporting authors that ignore their readers.
Rating:  Summary: Excellent for New & Experienced Investigator Review: The book is very well structured: It starts with how you as an investigator should protect yourself from legal liability and how to preserve digital evidence. Then it goes on in more technical detail in investigating various systems. The "Get It From Web" is extremely useful in each chapter for further reference.
Rating:  Summary: For once somebody understands forensics Review: The rule about pulling the plug to preserve the evidence is history. The authors explain the importance of getting a snapshot of system dynamics. For example, who is logged in to the machine, what ports are open, what is going on. Real world information is provided. Any security professional or forensic investigator who hasn't read this book is out of date.