Rating:  Summary: None Compares Review: There are several good books related to the forensic area. However, only this book covers multiple platform scenarios: Windows, UNIX and non-platform-specific technologies are thoroughly discussed. As a bonus, some ORIGINAL attacks (not found elsewhere) are explained and documented (e.g., 'Stateless TCP Covert Channels'). You can try this book whatever your level in this area. The main themes are covered both in introductory chapters and in more advanced ones. If you are looking for advice about specific tools, or 'response toolkits'... again this is your book: hundreds of references, and several 'typical toolkits' are included. Chapter 16, 'Investigating Hacker Tools', is a winner, discussing the issue of how files are compiled (and the related analysis techniques). Chapters 13 (Investigating Routers), 14 (Investigating Web Attacks), and 15 (Investigating Application Servers) are extremely useful, and really help to make this book unique. I own two copies, one to be used at home, and one as a reference for my students. It is a very worthy book, and at the Amazon price, it is a real bargain.
Rating:  Summary: Great content, but title misleading Review: This is a GREAT BOOK for learning nearly everything there is about forensics and how to analyze compromised systems or those under investigation. That's a definite plus for those 'must have' moments. My only criticism is that the book is more on forensics and such, and by the title, I was counting on more about how to build a response group and a plan for a company - and how to actually 'manage' incidents when they happen, not focus primarily on forensics, evidence preservation, and such - but nonetheless, this is certainly a fantastic resource and we're passing it around the office as a how-to guide for doing the hands-on stuff when we get an incident, and it's damn important to get it right the first time so our evidence 'sticks' in the courtroom. This is our new 'baseline book' for forensics, and my hat is tipped to the Foundstone guys for another monster resource!
Rating:  Summary: Best IR book Review: This is a great book. I think it is the best incident response book available. These guys really know their stuff and the book has a ton of good information. If you plan to do IR: GET THIS BOOK!!!!
Rating:  Summary: Another great read! Review: This is another great book on investigating and handling incidents. I found some of the techniques to be nothing more than what you find in most other books on the subject, but much easier to read, which makes it much more useful. Great job!
Rating:  Summary: Extremely valuable for infosec and law enforcement Review: This is my First Edition review; the Second is coming soon. Unlike other incident response books, this one has all the technical details. Having just the book and the equipment the authors recommend, one will be able to start doing computer forensics after two hours of reading. The focus is on technology and the process of response and forensics. The authors also cover preparing for incident response in great detail: from measures such as secure and auditable host configuration, system logging, and network access control up to acquiring the forensics workstation and assembling the tools. The response procedures cover general techniques for any computer incident and then go into platform-specific details. The useful distinction between the first response and investigation is outlined: the reader will know what to do when confronted with a freshly hacked box and will also learn how to approach a hard disk extracted from a dishonest employee's workstation. The advanced network monitoring section is simply brilliant: catching the bad guys using SYN-less TCP communication or ICMP tunneling certainly presents a fun challenge for "cybercops". Application-specific tips will be useful for many, as well. Nowadays, everybody knows that a Word document identifies the creator, but did you know that the MAC address of the hardware is actually recorded and can be extracted by a forensics expert? While definitely not giving legal advice, the authors also go through many of the cybercrime regulations and relevant laws. For example, did you know that if your system administrator monitors the firewall logs to see LAN traffic it is fine, while if a law enforcement agent does the same with no court order, it is illegal? On the other hand, if the admin does it in violation of company policy, it is illegal as well. Also enlightening are the evidence collection and preservation methods.
To navigate the maze of what is allowed and what is not - read the book. The book, as the authors suggest, is useful not only for security professionals, but for law enforcement as well. That is supported by lots of background information such as TCP header formats and general knowledge of filesystems.
Rating:  Summary: Very useful, comprehensive and fun to read Review: This is my review for the Second Edition. Incident Response is back with a vengeance! I should disclose that I was very impressed with the first edition, for many reasons. Most of the points I liked about it are still valid and new ones abound. Same as before, the book is a great combination of high-level policy and methodology material with hands-on, "hex dumps and disk images" stuff. The focus is on tools and technology as well as the process of response and forensics. The authors cover the incident response process in great detail: from policy to secure and auditable host configuration, system logging, network monitoring, and acquiring the evidence on multiple platforms. In fact, I liked the balanced platform coverage of both UNIX/Linux and Windows. The book also contains a lot of neat background material on TCP/IP and file systems, making the book useful for the less security-savvy. The useful distinction between the first response and investigation is outlined: the reader will know what to do when confronted with a freshly hacked box and will also learn how to approach a hard disk extracted from a dishonest employee's workstation. So, both cursory and in-depth response are covered. I also enjoyed the network-based evidence chapters on monitoring and traffic analysis (using tcpdump, ethereal, tcpflow, tcptrace). Overall, the Data Analysis chapter was the most fun for me. Also enlightening were the evidence collection and preservation methods. To navigate the maze of what is allowed and what is not - get the book. Another awesome chapter was the one on reversing and hostile binary analysis. While not comprehensive, it seems to summarize the "busy man's reversing tips", applicable in real daily security practice. The main advantage of the book is, in my opinion, its comprehensive nature. It is both a practical HOWTO guide, a reference and nice awareness material on "what is out there".
The book emanates the fact that it is written by people who actually did all the things described in it. It might sound strange, but I also appreciated the lack of a "legal material" chapter. Legal advice should be heard from a lawyer and not from a security book (and it is usually extremely boring anyway...). Anton Chuvakin, Ph.D., GCIA, GCIH, is a Senior Security Analyst with a major information security company. His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org
Rating:  Summary: Best incident response book out Review: This is no doubt the best incident response book out. I highly recommend this for anyone either in the field, learning to get into the field, or running a small to medium sized company without a team of experts. My entire network admin team uses this as a reference at the side of their desk.
Rating:  Summary: My Delight & Refreshing to Read Review: This is one of the best books that I recommend for Computer Security (and Management). I have adopted this as one of the textbooks for my undergraduate Computer Security course. It is very well written, very fun to read, and up-to-date. This is not just for incident response; I have found that this book is filling the gap of the traditional or classical approaches in computer/network security, which usually cover prevention and maintenance only. This book is filled with many insights and colorful real situations which benefit the reader in putting the understanding into reality. I was delighted to note its excellent notes/references to the web sources and tools. I use this book to supplement (1) the framework book, The CISSP Prep Guide (by Krutz and Vines), along with (2) Hacking Exposed (2nd ed, by Scambray, McClure, Kurtz) or Maximum Security (3rd ed, Anonymous) to supplement the reading and case study.
Rating:  Summary: A true investigation into the heart of computers Review: A very complete book, indispensable for every network administrator and security officer. The content is nevertheless very technical, and could be a bit hard for beginners, who should perhaps first get an introduction to forensic science by reading Le Guide du Cyberdétective, published by Editions Chiron, ISBN 2702707831, which has a very interesting section on the analysis of local and remote traces.