Incident Response – Investigating Computer Crime

Authors: Kevin Mandia and Chris Prosise
Pages: 512
Publisher: Osborne McGraw-Hill
ISBN: 0072131829

Chapter 1, entitled “Insiders and Outsiders: A Case Study”, is available for download.


Incident response and computer forensics are two skills that still, unfortunately, sound a bit esoteric, even though they have matured considerably in the past few years, with computer crime on the rise and here to stay.

Good incident response helps a great deal when dealing with such incidents, but it usually falls on the shoulders of overworked system administrators. Courses of one kind or another exist to educate IT personnel, but books on the subject are scarce. If you already have the knowledge, you may not need a particular book, since many of the necessary skills are ones you already possess.

Let’s assume you’re at least a bit interested in the subject. It’s definitely not an easy task, but with the right guidance you can do it right. To get prepared for incident response you need a good place to start, such as a book packed with information and references. One such book is in front of me as I’m writing this.

About the authors

Incident Response is written by Kevin Mandia and Chris Prosise, both highly esteemed experts in their field and both working at Foundstone. They have taken part in various high-profile intrusion and computer forensics investigations, and have worked as trainers for various government agencies. What more needs to be said?

Inside the book

The book consists of five major parts, sixteen chapters and four appendices in total, and makes sure you’re drawn deeply into the world of computer forensics. It spreads over some 500 pages of useful material in very dense print, allowing for the maximum possible information and serving as a comprehensive guide to the subject. So, let’s go beyond this anaemic surface presentation and see what really awaits the, this time, suspecting reader.

Part one, aptly named ‘Learning the Ropes’, clearly indicates what it’s all about: the fundamentals of incident response, with examples and real-life experience. It starts with a case study, then moves on to an introduction to incident response that is all-inclusive as far as the subject goes. Naturally, the next subject in line is preparing for incident response: hardware and software preparations and requirements, establishing policies and procedures, and finally forming an incident response team. Plain, simple, and needing no more words to describe it.

Part two, ‘Putting on the Gloves’, familiarizes you with the technical details and theory you ought to know before venturing into the world of incident response and computer forensics. Various tools for duplicating disks are introduced, and the importance of proper storage of evidence and the rules for handling it is emphasized. From initial assessment, through forming a proper response strategy, to forensic analysis, all the necessary topics are covered. You’ll also learn a lot about network protocols and TCP/IP, how to work with them using a sniffer, how to interpret sniffer log files, and how to conduct network surveillance. And, of course, that “insignificant” subject of forensic duplication of data is covered at length, lord knows why. 🙂
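Since the review keeps coming back to forensic duplication and proper evidence handling, here is an added example of what that looks like in practice. It is not code from the book or its authors: a POSIX shell acquisition routine that images a device bit-for-bit with dd, hashes the source before and the image after, records both in a log for the chain of custody, and can re-verify the image later. The sample “device” is a constructed file; in real use the source would be a block device such as /dev/sdb, and the names forensic_image and verify_image are this example’s own.

```shell
#!/bin/sh
# Added example (not from the book): forensic duplication with hash verification.
# Assumes POSIX sh plus dd, sha256sum, date, mktemp (all standard on Linux).
# In real use $src is a block device opened read-only; here it is a sample file.

set -u

# Image $src to $img and append the acquisition record to $log.
# Returns 0 only if sha256(image) equals sha256(source).
forensic_image() {
    src="$1"   # device or file to acquire (never write to it)
    img="$2"   # output image file
    log="$3"   # acquisition log for chain of custody

    # Hash the source first, so a later mismatch points at the copy, not the source.
    src_hash=$(sha256sum "$src" | cut -d' ' -f1)

    # bs=512 matches the sector size, so conv=noerror,sync (keep going past bad
    # sectors, pad them with zeros) never changes the length of a real device.
    dd if="$src" of="$img" bs=512 conv=noerror,sync 2>>"$log" || return 1

    img_hash=$(sha256sum "$img" | cut -d' ' -f1)

    {
        echo "date:           $(date -u +%Y-%m-%dT%H:%M:%SZ)"
        echo "source:         $src"
        echo "image:          $img"
        echo "sha256(source): $src_hash"
        echo "sha256(image):  $img_hash"
    } >>"$log"

    [ "$src_hash" = "$img_hash" ]
}

# Re-verify $img against the hash recorded in $log (e.g. before analysis,
# or when the image changes hands). Returns 0 if it still matches.
verify_image() {
    img="$1"
    log="$2"
    recorded=$(grep 'sha256(image):' "$log" | tail -n 1 | awk '{print $2}')
    current=$(sha256sum "$img" | cut -d' ' -f1)
    [ -n "$recorded" ] && [ "$recorded" = "$current" ]
}

# Demo on a constructed sample (not a real device): 2048 bytes, sector-aligned.
workdir=$(mktemp -d)
yes 'constructed evidence line' | head -c 2048 >"$workdir/sample.raw"
forensic_image "$workdir/sample.raw" "$workdir/sample.dd" "$workdir/acq.log" \
    && echo "image verified against source"
verify_image "$workdir/sample.dd" "$workdir/acq.log" \
    && echo "image still matches the acquisition log"
```

Two points worth noticing: the source is hashed before the copy is made, so the log proves what the evidence looked like at acquisition time rather than after; and a single appended byte to the image makes verify_image fail, which is exactly the check you want before trusting an image that has been stored or transferred. If you ever image a loose file instead of a device, drop conv=sync, because padding the last partial block would change the hash.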

Third part, here’s Johnny! The third part is the technical heart of the book. By now you’ll either love it for its grandiose attention to detail or loathe it. If you love it, your happiness will never end here. Called ‘Investigating Systems’, it leaves no doubt about what it deals with: all the little Windows and Unix details and secrets come out of the closet. You start by assembling a nifty response kit for yourself, then jump into the fire by collecting volatile and other sensitive data, storing it properly and reviewing it. Then along come the giants of today’s computing, Unix and Windows NT/2000, each with its own treatment. The third part is closely linked to the fourth, ‘Investigating Non-Platform-Specific Technology’, which deals with such marvels of technology as routers, web servers and the like. Not to forget, various hacker tools are covered and dealt with, applying a similar methodology to different platforms and devices.

Part V is made up of the appendices, covering identity on the Internet, security policies, various computer crime statutes, response organizations, and such.

Well, well, well…

Let’s clear up one thing here: if you’re not at all interested in this subject, you’ll find this book boring as hell. Why? It’s packed with wagons of useful information and, most importantly, the authors have a great penchant for detail. If you want detailed insider talk on the matter, you’ll jump several feet in the air out of pure happiness when you read this book. This is it: small, dense print, the finest assortment of computer forensics in book form there is.

The authors have exposed a great deal of insider information that is usually hard to stumble across, and one must be very grateful for their attention to detail. If you have tried looking on the Internet or in your local library for books of this sort, you probably came back empty-handed. Here you have all the necessary knowledge gathered in one place. It is written by professionals, but it also succeeds where others have failed: it is easy to follow and simple to understand, provided you have the required background. Packed with examples and possible case scenarios, along with the necessary guides for specific platforms and procedures, what more can you ask for?

Of course, this is not your average office Joe book; I’d say it’s more of an upper-intermediate sysadmin Jack kind of book. I’m running in circles by now, but this book really is excellent!

You’ll find it very useful, and of the utmost importance, if you’re a system administrator or simply have a web site, a business LAN or anything computer-related that’s plugged into an AC outlet. Anything can be hacked into, from toasters to mainframes, and this book will show you how, where and why to look for clues of any malevolent activity that took place. It will not, mind you, teach you how to make French toast…
