- One of the best books on computer forensics and evidence collection
- Tons of new and updated information since the first edition
- "Eye Witness Reports" help give real-world perspective
- None
- If collected wrong, computer evidence is useless in court- this book will help you do it right
- Comprehensive coverage of handling an incident from first response through investigation
- Real world scenarios help the reader to understand how these concepts work in real life
- Much of the book is new or significantly rewritten since the first edition
Collecting forensic evidence is often a slow and tedious process. If it is done wrong the evidence will be corrupt and may be inadmissable in court based on a technicality.
Being responsible for incident response means you usually get called for one of two jobs- either an attack is ongoing and you need to take the necessary steps to stop or block the incident from continuing while also preserving evidence, or you may be asked to do a forensic investigation of a computer of an ex-employee or something. In either event you would do well to have this book nearby.
Incident Response & Computer Forensics - 2nd Edition is one of the best books on the market for these subjects. Kevin Mandia and Chris Prosise bring extensive real-world experience to the table and share tons of valuable and useful information with their readers.
The book covers everything from establishing policies and procedures to collecting data from live Windows or Unix machines. The chapters on Forensic Duplication and Evidence Handling are excellent.
It may not be glamorous, but for some it is still a thrill to be able to extract evidence and solve the puzzle. If you are one of those people- get this book.