Computer Forensics: Incident Response Essentials [Kindle Edition]

Warren G. Kruse , Jay G. Heiser
4.0 out of 5 stars (2 customer reviews)

Digital List Price: £28.65
Print List Price: £33.99
Kindle Price: £21.67 includes VAT* & free wireless delivery via Amazon Whispernet
You Save: £12.32 (36%)
Unlike print books, digital books are subject to VAT.

Formats

  • Kindle Edition: £21.67
  • Hardcover: --
  • Paperback: £28.89

Product Description

Amazon.co.uk Review

Computer security is a crucial aspect of modern information management, and one of the latest buzzwords is "incident response"--detecting and reacting to security breaches. Computer Forensics offers information professionals a disciplined approach to implementing a comprehensive incident-response plan, with a focus on being able to detect intruders, discover what damage they did and hopefully find out who they are.

There is little doubt that the authors are serious about cyber investigation. They advise companies to "treat every case like it will end up in court" and although this sounds extreme, it is good advice. Upon detecting a malicious attack on a system, many system administrators react instinctively. This often involves fixing the problem with minimal downtime, then providing the necessary incremental security to protect against an identical attack. The authors warn that this approach often contaminates evidence and makes it difficult to track the perpetrator. This book describes how to maximise system up-time while protecting the integrity of the "crime scene".

The bulk of Computer Forensics details the technical skills required to become an effective electronic sleuth, with an emphasis on providing a well-documented basis for a criminal investigation. The key to success is becoming a "white hat" hacker in order to combat the criminal "black hat" hackers. The message is clear: if you're not smart enough to break into someone else's system, you're probably not smart enough to catch someone breaking into your system. In this vein, the authors use a number of technical examples and encourage the readers to develop expertise of UNIX/Linux and Windows NT fundamentals. They also provide an overview of a number of third-party tools, many of which can be used for both tracking hackers and for probing your own systems.

The authors explain their investigative techniques via a number of real-world anecdotes. It is striking that many of the same hacks detailed in Cliff Stoll's classic The Cuckoo's Egg are still in use over 10 years later--both on the criminal and investigative fronts. It is up to individual companies whether or not to pursue each attempted security violation as a potential criminal case, but Computer Forensics provides a strong argument to consider doing so. --Pete Ostenson

Product Description

Every computer crime leaves tracks–you just have to know where to find them. This book shows you how to collect and analyze the digital evidence left behind in a digital crime scene.

Computers have always been susceptible to unwanted intrusions, but as the sophistication of computer technology increases so does the need to anticipate, and safeguard against, a corresponding rise in computer-related criminal activity.

Computer forensics, the newest branch of computer security, focuses on the aftermath of a computer security incident. The goal of computer forensics is to conduct a structured investigation to determine exactly what happened, who was responsible, and to perform the investigation in such a way that the results are useful in a criminal proceeding.

Written by two experts in digital investigation, Computer Forensics provides extensive information on how to handle the computer as evidence. Kruse and Heiser walk the reader through the complete forensics process–from the initial collection of evidence through the final report. Topics include an overview of the forensic relevance of encryption, the examination of digital evidence for clues, and the most effective way to present your evidence and conclusions in court. Unique forensic issues associated with both the Unix and the Windows NT/2000 operating systems are thoroughly covered.

This book provides a detailed methodology for collecting, preserving, and effectively using evidence by addressing the three A's of computer forensics:

  • Acquire the evidence without altering or damaging the original data.
  • Authenticate that your recorded evidence is the same as the original seized data.
  • Analyze the data without modifying the recovered data.

Computer Forensics is written for everyone who is responsible for investigating digital criminal incidents or who may be interested in the techniques that such investigators use. It is equally helpful to those investigating hacked web servers, and those who are investigating the source of illegal pornography.


Product details

  • Format: Kindle Edition
  • File Size: 7373 KB
  • Print Length: 416 pages
  • Publisher: Addison-Wesley Professional; 1 edition (26 Sep 2001)
  • Sold by: Amazon Media EU S.à r.l.
  • Language: English
  • ASIN: B003Z6QGOA
  • Text-to-Speech: Enabled
  • Average Customer Review: 4.0 out of 5 stars (2 customer reviews)
  • Amazon Bestsellers Rank: #407,787 Paid in Kindle Store (See Top 100 Paid in Kindle Store)



Customer Reviews

Most Helpful Customer Reviews
8 of 8 people found the following review helpful
By A Customer
Format:Paperback
This book makes an excellent introductory text to computer forensics. It should be considered as initial reading by any person keen to learn about this subject. Well-written, well laid out and easy to read by the layman. Good use is made of screen prints to illustrate points. A very worthwhile buy!
6 of 6 people found the following review helpful
Format:Paperback
As an IT Developer I am aware of vulnerabilities of today's computer systems in terms of both security and data recovery, or so I thought! This book has opened my eyes as to how much I didn't know about the subject. This is an easy, informative book to read and, having almost finished it in a week, I hope my next purchase on the subject teaches me as much as this did.
Most Helpful Customer Reviews on Amazon.com (beta)
Amazon.com:  22 reviews
56 of 61 people found the following review helpful
Suitable for newbie incident responders or non-IT staff 9 Oct 2001
By Richard Bejtlich - Published on Amazon.com
Format:Paperback
I am a senior engineer for network security operations. I read "Computer Forensics: Incident Response Essentials" (CFIRE) because I am responsible for performing intrusion detection and incident response on a daily basis. Those with similar skills will probably consider CFIRE too basic. Those working outside the information technology world may find CFIRE enlightening.

I'm a graduate of the SANS System Forensics, Investigation, and Response course and have read "Incident Response: Investigating Computer Crime" (IRICC) by Mandia, Prosise, and Pepe. In my opinion, CFIRE does not offer any new or truly significant material. For example, chapter 2 ("Tracking an Offender") offers several pages on how to find the headers in Outlook messages. Elsewhere, one discovers very elementary information on UNIX commands, searching Windows hard drives, and understanding UNIX file systems. All of this appears in other books or is common knowledge for IT staff.

I was disappointed that the impressive reviewer list did not detect several errors. As a fairly young network engineer, I still recognized this mistake on page 32: "When you dial to an ISP with a modem, you might use a layer 3 protocol called Point to Point Protocol (PPP). Referring back to Figure 2-1, layer 3 is the network layer, and in the case of a dial-up connection, PPP replaces IP." Untrue -- PPP is actually a layer 2 protocol; IP is used above PPP. Furthermore, figure 2-1 on page 24 presents numerous problems: NetBEUI spans layers 3 to 5 (not 3 to 4), web browsers and email clients do not belong at layer 7 (they are applications which call layer 7 protocols), and so on. Also, page 121 claims "you cannot delete an alternate stream from the command line." However, page 193 of "Hacking Exposed: Windows 2000" demonstrates how to remove streams.

On the positive side, CFIRE will probably not scare non-IT staff. They will probably find the numerous tables, screen shots, and references useful. This book could be viewed as a gentle introduction to the incident response and forensics field, especially for the Microsoft Windows crowd.

Two types of staff wear "computer forensics" hats. The first type investigates misuse of computers, typically by authorized personnel. This group is happy to know how to image a drive and search the copy for signs of illicit images or software. The second type investigates compromises, where unknown (usually remote) parties have penetrated a network and used machines for their own purposes. This group will be unsatisfied when CFIRE states on page 132 "we don't anticipate that most readers of this book will become this specialized." If you need that deep level of knowledge, read "Incident Response: Investigating Computer Crime."

(Disclaimer: The publisher provided a free review copy.)
27 of 28 people found the following review helpful
Excellent introduction to the basics 13 April 2002
By Mike Tarrani - Published on Amazon.com
Format:Paperback
The authors, both of whom have impeccable credentials, have managed to distill a complex subject into a book that can be understood by anyone with intermediate-level computer skills. More importantly, computer forensics is a relatively new sub-discipline of IT security, making this book important in that there are few books on the topic.

I'll start with the beginning and end of the book, each of which is focused on legal aspects of forensics. The book begins by explaining what forensics is, and giving a three-step process that covers the essentials at a high level: (1) acquire evidence, (2) authenticate it, and (3) analyze it. Although this process is presented at a high level, important details, such as the importance of establishing and maintaining a chain of custody, how to collect and document evidence, and key issues to consider when presenting the evidence in court, are covered. This discussion is picked up again in Chapter 12, Introduction to the Criminal Justice System, in which applicable laws, advice on dealing with law enforcement agencies, and the distinction between criminal and civil cases are discussed. There is sufficient detail and pointers to put sources of information to arm you with the bare essentials.

Between the opening chapter and Chapter 12 described above are chapters devoted to basic techniques and procedures for tracing email, specific operating system issues (the book deals with UNIX and Windows), encryption, codes and compression and other common challenges an investigator will face. The material is not overly technical, and is presented in easy-to-understand prose. Anyone who works as a network or system administrator, provides desktop support, or is an advanced end user will have no problems following the techniques that are presented or the underlying technical details. If you're seeking an advanced text this book will probably disappoint you, although there is sure to be some new trick or fact that you'll learn. For example, I have over 25 years of IT experience and was fascinated by the discussion of steganography (an information hiding technique). There were other chapters that I quickly skimmed because I was well-versed in the subject matter.

What I like about the book is the easy approach, which makes it easy to develop the fundamental skills necessary to perform forensics. The few other papers and books on the subject are far more advanced and the learning curve is a barrier. This book will give the new security investigator a foothold in the topic upon which he or she can build. I especially liked the appendices, which provide an excellent framework for incident response. One of the best features is the detailed roles and responsibilities, which are well thought out and reinforce the axiom that security is everyone's business. Another outstanding feature is the flowcharts for various incident types, such as denial of service, hostile code, etc. These can be used verbatim in a security policies and procedures manual, as can the incident response form provided in Appendix B. I also liked the valuable URLs provided throughout the book. I knew of many, but was surprised to find invaluable resources that I didn't know about.

Even though much of this book presented information I already knew, I still enjoyed reading it because I picked up facts that I didn't previously know, and was reminded of legal aspects of forensics and security that I'd forgotten. The appendices alone make this worthwhile to even advanced readers, and the fact that it provides an entry point into forensics for new practitioners makes this book invaluable as a training tool and vehicle for professional growth.

18 of 18 people found the following review helpful
A Much Needed Primer 26 Nov 2001
By James Sibley - Published on Amazon.com
Format:Paperback
As a high-technology crimes prosecutor in Silicon Valley, this book is just what I've been waiting for. While not an exhaustive treatise on the minutiae of computer systems and forensic tools, the authors provide a comprehensive overview of investigative approaches, tools, and techniques desperately needed in the field. This book should be a must-read for investigators (public and private), attorneys, and system administrators, as well as corporate management responsible for overseeing either personnel or the security of network infrastructure and information assets. Both an excellent primer on the developing field of computer forensics and a good resource from which to launch more in-depth research into a specific area in the field. While many of the previous works in this field proved to be either uninformative cursory overviews or mind-numbing forays into the depths of the arcane, the authors have struck a good balance that makes for an enjoyable and informative read. Not the end-all, be-all of computer crime investigation, but a damn fine starting point.

Popular Highlights

"When you initially collect data, you should create a hash value and record it."
Highlighted by 4 Kindle users

"The larger the size of these data chunks, the faster data can be moved to and from the hard drive."
Highlighted by 3 Kindle users

"You must be able to account for the evidence the entire time it is in your custody."
Highlighted by 3 Kindle users
