Monday, March 1, 2010
Incident Response and Computer Forensics 2nd edition
508 pages | 07-2003 | PDF | 15 Mb

A strong system of defenses will save your systems from falling victim to published and otherwise uninventive attacks, but even the most heavily defended system can be cracked under the right conditions. Incident Response aims to teach you how to determine when an attack has occurred or is underway--they're often hard to spot--and show you what to do about it. Authors Kevin Mandia and Chris Prosise favor a tools- and procedures-centric approach to the subject, thereby distinguishing this book from others that catalog particular attacks and methods for dealing with each one. The approach is more generic, and therefore better suited to dealing with newly emerging attack techniques.

Description

This new edition contains six new chapters covering evidence handling, physical and data analysis, reporting, documentation and data recovery. Huge potential market: interest in this topic is growing rapidly, according to Foundstone, a top security firm affiliated with the authors of the international best-seller Hacking Exposed. Written by experts: the authors provide an FBI insider's look at the legal, procedural, and technical steps involved in responding to computer crime. Packed with case studies and practical advice, plus a companion Web site with real cases and sample log files for the reader to solve.

Summary

Part 1: Overview
Ch. 1: Case Study
Ch. 2: The Incident Response Process
Ch. 3: Preparing for Incident Response

Part 2: Data Collection
Ch. 4: Data Collection From Windows
Ch. 5: Data Collection from Unix
Ch. 6: Forensic Duplication
Ch. 7: Network Traffic Collection
Ch. 8: Data Collection from Other Sources
Ch. 9: Evidence Handling

Part 3: Forensic Analysis
Ch. 10: Physical Analysis
Ch. 11: Data Analysis
Ch. 12: Analysis of Windows Systems
Ch. 13: Unix

Part 4: Analysis of Other Evidence
Ch. 14: Investigation of Routers
Ch. 15: Investigation of Web Servers
Ch. 16: Investigation of Application Servers
Ch. 17: Analysis of Network Traces
Ch. 18: Investigating Hacker Tools

Part 5: Remediation
Ch. 19: Reporting and Documentation
Ch. 20: Developing an Incident Response Plan
Ch. 21: Establishing Identity in Cyberspace
Ch. 22: Data Recovery