Incident response and computer forensics /
Incident response & computer forensics
Chris Prosise and Kevin Mandia.
- 2nd ed.
- New York, New York : McGraw-Hill/Osborne, 2003.
- xxix, 507 p. : ill. ; 24 cm. + pbk.
First edition published in 2001 under title: Incident response. Includes index.
Part I: Introduction -- Real-World Incidents -- Introduction to the Incident Response Process -- Preparing for Incident Response -- After Detection of an Incident -- Part II: Data Collection -- Live Data Collection from Windows Systems -- Live Data Collection from Unix Systems -- Forensic Duplication -- Collecting Network-based Evidence -- Evidence Handling -- Part III: Data Analysis -- Computer System Storage Fundamentals -- Data Analysis Techniques -- Investigating Windows Systems -- Investigating Unix Systems -- Analyzing Network Traffic -- Investigating Hacker Tools -- Investigating Routers -- Writing Computer Forensic Reports.
An insider's look at the legal, procedural and technical steps of computer forensics and analysis. Contains all-new forensics content and real-world scenarios. -- Cover.