The definitive guide to incident response, updated for the first time in a decade! Thoroughly revised to cover the latest and most effective tools and techniques, Incident Response & Computer Forensics, Third Edition arms you with the information you need to get your organization out of trouble when data breaches occur. This practical resource covers the entire lifecycle of incident response, including preparation, data collection, data analysis, and remediation. Real-world case studies reveal the methods behind, and remediation strategies for, today's most insidious attacks.
Architect an infrastructure that allows for methodical investigation and remediation
Develop leads, identify indicators of compromise, and determine incident scope
Collect and preserve live data
Perform forensic duplication
Analyze data from networks, enterprise services, and applications
Investigate Windows and Mac OS X systems
Perform malware triage
Write detailed incident response reports
Create and implement comprehensive remediation plans
I probably wasn’t reading this in the manner the authors intended, but I found it quite interesting and educational – it fit my purpose. Computer security is not my line, but I feel it is imperative for those managing information technology at companies to understand the current battleground of computer security, and to get a taste for the tactics used by the elusive hacker as well as the possible avenues of investigation and response. I would say this book provided an excellent intermediate level of information. Any more detailed and you are talking about an encyclopedia’s worth of text that changes on a very regular basis. Any less detail and you have something that can only be used as a generic roadmap, aimed at managers but not practitioners. Here, my manager mind got an excellent description of how many kinds of attacks work, how and where evidence can be found through investigation, and how to remediate the issue. In addition, my technical background, mostly back a generation or two in the technology, got an update on areas of interest, including the current state of Windows technology, like how file systems work, and on tools that help in an investigation, describing some of the differences between paid and free tools. One of the issues in a book like this is that it is written at a point in time, and things change. Vendors update products, hackers try new methods. The authors took an “intermediate” approach by describing a variety of tools and hacker methods, but providing pointers to websites for the reader to get up-to-date information. So although this version of the book was 3 years old, it still reads as if it is current and retains value. Worthwhile for an update on the state of affairs, and likely worthwhile for a practitioner beginning in the battle.
Written by Mandiant founders and experts, this book covers the full lifecycle of Incident Response, including various non-technical considerations. Easy and concise to read, filled with tips and practical examples, this is the best fundamental IR material from the people who basically invented the field. As a bonus you get a unique glimpse into how Mandiant operates. What more do you need? This book would be useful for technical IR personnel in the trenches as well as management folks, especially people creating and leading CSIRT teams. Look no further if you want to know what Incident Response is all about!