The definitive guide to incident response–updated for the first time in a decade!
Thoroughly revised to cover the latest and most effective tools and techniques, Incident Response & Computer Forensics, Third Edition arms you with the information you need to get your organization out of trouble when data breaches occur. This practical resource covers the entire lifecycle of incident response, including preparation, data collection, data analysis, and remediation. Real-world case studies reveal the methods behind – and remediation strategies for – today’s most insidious attacks.
- Architect an infrastructure that allows for methodical investigation and remediation
- Develop leads, identify indicators of compromise, and determine incident scope
- Collect and preserve live data
- Perform forensic duplication
- Analyze data from networks, enterprise services, and applications
- Investigate Windows and Mac OS X systems
- Perform malware triage
- Write detailed incident response reports
- Create and implement comprehensive remediation plans
- This book is a collaboration between three highly respected DFIR examiners, including Kevin Mandia, who was the founder of Mandiant—named Best Security Company by SC Magazine in 2012 and 2013 (now under FireEye). Although I have a background in DFIR, I had more experience in dead-box Digital Forensics and wanted to expand my knowledge and experience in IR, thereby prompting me to purchase this book. Although it is already four years old, the framework, workflow, and methods that the authors provide are still very relevant. In a nutshell, this book should be a manual on every DFIR’s reference shelf. For beginners, it lays down a clear and straightforward blueprint into IR investigations. For IR veterans, it serves as a refresher. If they wrote another one tomorrow, I would buy it immediately because the information is extremely useful.
- I would like to add the following comments – I have personally known two of the authors and the technical editor for over 15 years. I have editions one and two and recently purchased edition three.
I not only recommend the read for security professionals – I recommend the read for CXOs of companies and senior management in the Federal, State, Local governments – and of course the Military.
Their Real-World Incidents are exceptional – the Live Data Collection section (I would rate it 10 stars) –
Spend some time reading and understanding the Foreword section – written by Jamie, another expert in the area. He sets the tone for a valuable education trip.
There are many lessons learned and good advice given. They also answered the “So What?” question throughout the book.
Lastly, in Chapter 18 they “set the Strategic Direction” – they list 10 recommendations – follow them if you want to keep your system as safe as possible with today’s technology.
Kudos go to the authors and the people who supported them throughout their professional careers.
- The book is a fine entry-level book, but I expected more depth from the third edition to match the growth in maturity of the Digital Forensic Incident Response field in the last ten years. If you are already familiar with the earlier editions or are already working within Information Security, I would not recommend this book.
The authors often make recommendations to Mandiant tools, which shows the lack of diversity in the authors’ background for this edition. It also feels like marketing may have been a driving factor in those choices, which is not what I expect in a technical reference of this sort.
The material already feels dated and incomplete, with no mention of Volatility or PowerShell.
For those starting out I am sure it could be helpful, but I would consider time spent doing research on the topic on freely available blogs to be a far better use of your time.
- Reading this book, it is evident that the authors:
– know their shit (duh),
– are very sharp (logical and orderly layout of information; clear and focused explanations; no fluff)
– are great at teaching (case studies; teach not only what to do but also why to do it, and what may happen if you don’t, with short 2-sentence examples to spice it up)
It is a joy to read, and I am of the same mind as the other reviewers who have given it 5 stars – it’s a must-read for every cyber-security professional.