Incident Response and Computer Forensics, 2/e (Paperback)

Chris Prosise, Kevin Mandia, Matt Pepe

  • Publisher: McGraw-Hill Education
  • Publication date: 2003-07-17
  • Price: $2,010
  • VIP price: $1,910 (5% off)
  • Language: English
  • Pages: 507
  • Binding: Paperback
  • ISBN: 007222696X
  • ISBN-13: 9780072226966
  • Superseded edition



Completely Updated with the Latest Techniques--Contains All-New Forensics Content and Real-World Scenarios

An insider's look at the legal, procedural and technical steps of computer forensics and analysis. --Information Security magazine

This book is an absolute must-read for anyone who plays a role in responding to computer security events. --Marc J. Zwillinger, former trial attorney with the U.S. Dept. of Justice, Computer Crime & Intellectual Property

An excellent resource for information on how to respond to computer intrusions and conduct forensic investigations. --Network Magazine

If your job requires you to review the contents of a computer system for evidence of unauthorized or unlawful activities, this is the book for you. The authors, through real-world experiences, demonstrate both technically and procedurally the right way to perform computer forensics and respond to security incidents. --Howard A. Schmidt, Former Special Advisor for Cyber Security, White House, and former Chief Security Officer, Microsoft Corp.

New and Updated Material:

  • New real-world scenarios throughout
  • The latest methods for collecting live data and investigating Windows and UNIX systems
  • Updated information on forensic duplication
  • New chapter on emergency network security monitoring
  • New chapter on corporate evidence handling procedures
  • New chapter on data preparation with details on hard drive interfaces and data storage principles
  • New chapter on data extraction and analysis
  • The latest techniques for analyzing network traffic
  • Up-to-date methods for investigating and assessing hacker tools

Foreword by former FBI Special Agent Scott Larson


  Part I: Overview
   Ch. 1: Case Study
   Ch. 2: The Incident Response Process
   Ch. 3: Preparing for Incident Response

  Part II: Data Collection
   Ch. 4: Data Collection From Windows
   Ch. 5: Data Collection from Unix
   Ch. 6: Forensic Duplication
   Ch. 7: Network Traffic Collection
   Ch. 8: Data Collection from Other Sources
   Ch. 9: Evidence Handling

  Part III: Forensic Analysis
   Ch. 10: Physical Analysis
   Ch. 11: Data Analysis
   Ch. 12: Analysis of Windows Systems
   Ch. 13: Unix

  Part IV: Analysis of Other Evidence
   Ch. 14: Investigation of Routers
   Ch. 15: Investigation of Web Servers
   Ch. 16: Investigation of Application Servers
   Ch. 17: Analysis of Network Traces
   Ch. 18: Investigating Hacker Tools

  Part V: Remediation
   Ch. 19: Reporting and Documentation
   Ch. 20: Developing an Incident Response Plan
   Ch. 21: Establishing Identity in Cyberspace
   Ch. 22: Data Recovery