Incident Response and Computer Forensics, 2/e (Paperback)

Completely Updated with the Latest Techniques--Contains All-New Forensics Content and Real-World Scenarios

An insiders look at the legal, procedural and technical steps of computer forensics and analysis. --Information Security magazine

This book is an absolute must-read for anyone who plays a role in responding to computer security events. --Marc J. Zwillinger, former trial attorney with the U.S. Dept. of Justice, Computer Crime & Intellectual Property

An excellent resource for information on how to respond to computer intrusions and conduct forensic investigations. --Network Magazine

If your job requires you to review the contents of a computer system for evidence of unauthorized or unlawful activities, this is the book for you. The authors, through real-world experiences, demonstrate both technically and procedurally the right way to perform computer forensics and respond to security incidents. --Howard A. Schmidt, Former Special Advisor for Cyber Security, White House, and former Chief Security Officer, Microsoft Corp.

New and Updated Material:

• New real-world scenarios throughout
  
• The latest methods for collecting live data and investigating Windows and UNIX systems
  
• Updated information on forensic duplication
  
• New chapter on emergency network security monitoring
  
• New chapter on corporate evidence handling procedures
  
• New chapter on data preparation with details on hard drive interfaces and data storage principles
  
• New chapter on data extraction and analysis
  
• The latest techniques for analyzing network traffic
  
• Up-to-date methods for investigating and assessing hacker tools
  

Foreword by former FBI Special Agent Scott Larson

Contents            

  Part I: Overview
   Ch. 1: Case Study
   Ch. 2: The Incident Response Process
   Ch. 3: Preparing for Incident Response

  Part II: Data Collection
   Ch. 4: Data Collection From Windows
   Ch. 5: Data Collection from Unix
   Ch. 6: Forensic Duplication
   Ch. 7: Network Traffic Collection
   Ch. 8: Data Collection from Other Sources
   Ch. 9: Evidence Handling

  Part III: Forensic Analysis
   Ch. 10: Physical Analysis
   Ch. 11: Data Analysis
   Ch. 12: Analysis of Windows Systems
   Ch. 13: Unix

  Part IV: Analysis of Other Evidence
   Ch. 14: Investigation of Routers
   Ch. 15: Investigation of Web Servers
   Ch. 16: Investigation of Application Servers
   Ch. 17: Analysis of Network Traces
   Ch. 18: Investigating Hacker Tools

  Part V: Remediation
   Ch. 19: Reporting and Documentation
   Ch. 20: Developing an Incident Response Plan
   Ch. 21: Establishing Identify in Cyberspace
   Ch. 22: Data Recovery