The Bottom Line
This book should be required reading for anyone tasked with handling security incidents. It covers all aspects of security incident response and includes tools and utilities you can use.
Pros
- Excellent guide for handling security incidents
- Includes CD with forensic data tools
- Appendix covers implications of Patriot Act
Cons
- None
Description
- Terrific overview of all aspects of responding to a security incident.
- Well written and easy to read. Provides the information you need without being too techie.
- Comprehensive information. Should be kept around as a desk reference for incident response.
- Appendixes provide detailed explanation of the USA PATRIOT Act of 2001 and rules of evidence.
- Includes CD with incident response checklists and various trialware and freeware utilities.
Guide Review - Book Review: Incident Response
Douglas Schweitzer does a superb job of providing the reader with the knowledge they need to respond to computer security incidents. Incident Response walks the reader through all of the phases of computer incident response: preparation, detection, gathering clues and evidence, cleaning the system, recovering lost data and applying any lessons learned to prevent future incidents. Each phase is explained in detail in a clear, well-written manner that is easy to follow. Especially valuable are the sections pertaining to the rules of evidence and how to handle a security incident without destroying the evidence. The information on the USA PATRIOT Act in the appendix is valuable for information security as well. Definitely a book I recommend.



