Computer Forensics: Incident Response Essentials and over one million other books are available for Amazon Kindle . Learn more

Buy New

or
Sign in to turn on 1-Click ordering.
or
Amazon Prime free trial required. Sign up when you check out. Learn more
Buy Used
Used - Good See details
Price: £7.77
Fulfilled by Amazon

or
Sign in to turn on 1-Click ordering.
 
   
More Buying Choices
Have one to sell? Sell yours here
or
Get a £2.70 Amazon.co.uk Gift Card
Computer Forensics: Incident Response Essentials
 
 
Share your own customer images
Search inside this book
Start reading Computer Forensics: Incident Response Essentials on your Kindle in under a minute.

Don't have a Kindle? Get your Kindle here, or download a FREE Kindle Reading App.

Computer Forensics: Incident Response Essentials [Paperback]

Warren G. Kruse II (Author), Jay G. Heiser (Author)
4.0 out of 5 stars  See all reviews (2 customer reviews)
RRP: £33.99
Price: £28.89 & this item Delivered FREE in the UK with Super Saver Delivery. See details and conditions
You Save: £5.10 (15%)
o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o
In stock.
Dispatched from and sold by Amazon.co.uk. Gift-wrap available.
Only 2 left in stock--order soon (more on the way).
Want guaranteed delivery by Thursday, June 7? Choose Express delivery at checkout. See Details

Formats

 Amazon Price New from Used from
Kindle Edition £21.67   -- --
Hardcover --   -- --
Paperback £28.89   -- --
Trade In this Item for up to £2.70
Get an extra £5 when you trade in books worth £10 or more until June 30, 2012. Trade in Computer Forensics: Incident Response Essentials for an Amazon.co.uk gift card of up to £2.70, which you can then spend on millions of items across the site. Trade-in values may vary (terms apply). Find more products eligible for trade-in.

Frequently Bought Together

Customers buy this book with File System Forensic Analysis by Brian Carrier Paperback £35.97

Computer Forensics: Incident Response Essentials + File System Forensic Analysis
Price For Both: £64.86

Show availability and delivery details

  • This item: Computer Forensics: Incident Response Essentials by Warren G. Kruse II Paperback

    In stock.
    Dispatched from and sold by Amazon.co.uk.
    This item Delivered FREE in the UK with Super Saver Delivery. See details and conditions

  • File System Forensic Analysis by Brian Carrier Paperback

    In stock.
    Dispatched from and sold by Amazon.co.uk.
    This item Delivered FREE in the UK with Super Saver Delivery. See details and conditions

Product details

  • Paperback: 416 pages
  • Publisher: Addison Wesley; 1 edition (26 Sep 2001)
  • Language English
  • ISBN-10: 0201707195
  • ISBN-13: 978-0201707199
  • Product Dimensions: 23.8 x 18.5 x 1.5 cm
  • Average Customer Review: 4.0 out of 5 stars  See all reviews (2 customer reviews)
  • Amazon Bestsellers Rank: 374,217 in Books (See Top 100 in Books)

    •  Would you like to update product info or give feedback on images?

  • See Complete Table of Contents

More About the Author

Warren G. Kruse
Discover books, learn about writers, and more.

Visit Amazon's Warren G. Kruse Page

Product Description

Amazon.co.uk Review

Computer security is a crucial aspect of modern information management, and one of the latest buzz words is "incident response"--detecting and reacting to security breaches. Computer Forensics offers information professionals a disciplined approach to implementing a comprehensive incident-response plan, with a focus on being able to detect intruders, discover what damage they did and hopefully find out who they are.

There is little doubt that the authors are serious about cyber investigation. They advise companies to "treat every case like it will end up in court" and although this sounds extreme, it is good advice. Upon detecting a malicious attack on a system, many system administrators react instinctively. This often involves fixing the problem with minimal downtime, then providing the necessary incremental security to protect against an identical attack. The authors warn that this approach often contaminates evidence and makes it difficult to track the perpetrator. This book describes how to maximise system up-time while protecting the integrity of the "crime scene".

The bulk of Computer Forensics details the technical skills required to become an effective electronic sleuth, with an emphasis on providing a well-documented basis for a criminal investigation. The key to success is becoming a "white hat" hacker in order to combat the criminal "black hat" hackers. The message is clear: if you're not smart enough to break into someone else's system, you're probably not smart enough to catch someone breaking into your system. In this vein, the authors use a number of technical examples and encourage the readers to develop expertise of UNIX/Linux and Windows NT fundamentals. They also provide an overview of a number of third-party tools, many of which can be used for both tracking hackers and for probing your own systems.

The authors explain their investigative techniques via a number of real-world anecdotes. It is striking that many of the same hacks detailed in Cliff Stoll's classic The Cuckoo's Egg are still in use over 10 years later--both on the criminal and investigative fronts. It is up to individual companies whether or not to pursue each attempted security violation as a potential criminal case, but Computer Forensics provides a strong argument to consider doing so. --Pete Ostenson

Product Description

Every computer crime leaves tracks—you just have to know where to find them. This book shows you how to collect and analyze the digital evidence left behind in a digital crime scene.

Computers have always been susceptible to unwanted intrusions, but as the sophistication of computer technology increases so does the need to anticipate, and safeguard against, a corresponding rise in computer-related criminal activity.

Computer forensics, the newest branch of computer security, focuses on the aftermath of a computer security incident. The goal of computer forensics is to conduct a structured investigation to determine exactly what happened, who was responsible, and to perform the investigation in such a way that the results are useful in a criminal proceeding.

Written by two experts in digital investigation, Computer Forensics provides extensive information on how to handle the computer as evidence. Kruse and Heiser walk the reader through the complete forensics process—from the initial collection of evidence through the final report. Topics include an overview of the forensic relevance of encryption, the examination of digital evidence for clues, and the most effective way to present your evidence and conclusions in court. Unique forensic issues associated with both the Unix and the Windows NT/2000 operating systems are thoroughly covered.

This book provides a detailed methodology for collecting, preserving, and effectively using evidence by addressing the three A's of computer forensics:

  • Acquire the evidence without altering or damaging the original data.
  • Authenticate that your recorded evidence is the same as the original seized data.
  • Analyze the data without modifying the recovered data.

Computer Forensics is written for everyone who is responsible for investigating digital criminal incidents or who may be interested in the techniques that such investigators use. It is equally helpful to those investigating hacked web servers, and those who are investigating the source of illegal pornography.



0201707195B09052001
See all Product Description
Inside This Book (Learn More)
Browse Sample Pages
Front Cover | Copyright | Table of Contents | Excerpt | Index
Search inside this book:

Suggested Tags from Similar Products

 (What's this?)
Be the first one to add a relevant tag (keyword that's strongly related to this product)
 
(7)
(5)
(2)
(2)
(1)
(1)
(1)
(1)
(1)
(1)

Your tags: Add your first tag
 
See most popular tags

What Other Items Do Customers Buy After Viewing This Item?

Explore similar items

Customer Reviews

5 star
0
3 star
0
2 star
0
1 star
0
Most Helpful Customer Reviews
8 of 8 people found the following review helpful
By A Customer
Format:Paperback
This book makes an excellent introductory text to computer forensics. It should be considered as initial reading by any person keen to learn about this subject. Well-written, well laid out and easy to read by the layman. Good use is made of screen prints to illustrate points. A very worthwhile buy!
Comment | 
Was this review helpful to you?
6 of 6 people found the following review helpful
Format:Paperback
As an IT Developer I am aware of vulnerabilities of today's computer systems in terms of both security and data recovery, or so I thought!. This book has opened my eyes as to how much I didn't know about the subject. This is an easy informative book to read and having almost finished it in a week, I hope my next purchase on the subject teaches me as much as this did.
Comment | 
Was this review helpful to you?
Most Helpful Customer Reviews on Amazon.com (beta)
Amazon.com:  22 reviews
56 of 61 people found the following review helpful
Suitable for newbie incident responders or non-IT staff 9 Oct 2001
By Richard Bejtlich - Published on Amazon.com
Format:Paperback
I am a senior engineer for network security operations. I read "Computer Forensics: Incident Response Essentials" (CFIRE) because I am responsible for performing intrusion detection and incident response on a daily basis. Those with similar skills will probably consider CFIRE too basic. Those working outside the information technology world may find CFIRE enlightening.

I'm a graduate of the SANS System Forensics, Investigation, and Response course and have read "Incident Response: Investigating Computer Crime" (IRICC) by Mandia, Prosise, and Pepe. In my opinion, CFIRE does not offer any new or truly significant material. For example, chapter 2 ("Tracking an Offender") offers several pages on how to find the headers in Outlook messages. Elsewhere, one discovers very elementary information on UNIX commands, searching Windows hard drives, and understanding UNIX file systems. All of this appears in other books or is common knowledge for IT staff.

I was disappointed that the impressive reviewer list did not detect several errors. As a fairly young network engineer, I still recognized this mistake on page 32: "When you dial to an ISP with a modem, you might use a layer 3 protocol called Point to Point Protocol (PPP). Referring back to Figure 2-1, layer 3 is the network layer, and in the case of a dial-up connection, PPP replaces IP." Untrue -- PPP is actually a layer 2 protocol; IP is used above PPP. Furthermore, figure 2-1 on page 24 presents numerous problems: NetBEUI spans layers 3 to 5 (not 3 to 4), web browsers and email clients do not belong at layer 7 (they are applications which call layer 7 protocols), and so on. Also, page 121 claims "you cannot delete an alternate stream from the command line." However, page 193 of "Hacking Exposed: Windows 2000" demonstrates how to remove streams.

On the positive side, CFIRE will probably not scare non-IT staff. They will probably find the numerous tables, screen shots, and references useful. This book could be viewed as a gentle introduction to the incident response and forensics field, especially for the Microsoft Windows crowd.

Two types of staff wear "computer forensics" hats. The first type investigate misuse of computers, typically by authorized personnel. This group is happy to know how to image a drive and search the copy for signs of illicit images or software. The second type investigates compromises, where unknown (usually remote) parties have penetrated a network and used machines for their own purposes. This group will be unsatisfied when CFIRE states on page 132 "we don't anticipate that most readers of this book will become this specialized." If you need that deep level of knowledge, read "Incident Response: Investigating Computer Crime."

(Disclaimer: The publisher provided a free review copy.)
27 of 28 people found the following review helpful
Excellent introduction to the basics 13 April 2002
By Mike Tarrani - Published on Amazon.com
Format:Paperback
The authors, both of whom have impeccable credentials, have managed to distill a complex subject into a book that can be understood by anyone with intermediate-level computer skills. More importantly, computer forensics is a relatively new sub discipline of IT security, making this book important in that there are few books on the topic.

I'll start with the beginning and end of the book, each of which are focused on legal aspects of forensics. The book begins by explaining what forensics is, and giving a three-step process that covers the essentials at a high level: (1) acquire evidence, (2) authenticate it, and (3) analyze it. Although this process is presented at a high level, important details, such as the importance of establishing and maintaining a chain of custody, how to collect and document evidence and key issues to consider when presenting the evidence in court are covered. This discussion is picked up again in Chapter 12, Introduction to the Criminal Justice System, in which applicable laws, advice on dealing with law enforcement agencies, and the distinction between criminal and civil cases are discussed. There is sufficient detail and pointers to put sources of information to arm you with the bare essentials.

Between the opening chapter and Chapter 12 described above are chapters devoted to basic techniques and procedures for tracing email, specific operating system issues (the book deals with UNIX and Windows), encryption, codes and compression and other common challenges an investigator will face. The material is not overly technical, and is presented in easy-to-understand prose. Anyone who works as a network or system administrator, provides desktop support, or is an advanced end user will have no problems following the techniques that are presented or the underlying technical details. If you're seeking an advanced text this book will probably disappoint you, although there is sure to be some new trick or fact that you'll learn. For example, I have over 25 years of IT experience and was fascinated by the discussion of steganography (an information hiding technique). There were other chapters that I quickly skimmed because I was well-versed in the subject matter.

What I like about the book is the easy approach, which makes it easy to develop the fundamental skills necessary to perform forensics. The few other papers and books on the subject are far more advanced and the learning curve is a barrier. This book will give the new security investigator a foothold in the topic upon which he or she can build. I especially liked the appendices, which provide an excellent framework for incident response. One of the best features is the detailed roles and responsibilities, which are well thought out and reinforce the axiom that security is everyone's business. Another outstanding feature is the flowcharts for various incident types, such as denial of service, hostile code, etc. These can be used verbatim in a security policies and procedures manual, as can the incident response form provided in Appendix B. I also liked the valuable URLs provided throughout the book. I knew of many, but was surprised to find invaluable resources that I didn't know about.

Even though much of this book presented information I already knew, I still enjoyed reading it because I picked up facts that I didn't previously know, and was reminded of legal aspects of forensics and security that I'd forgotten. The appendices alone make this worthwhile to even advanced readers, and the fact that it provides an entry point into forensics for new practitioners makes this book invaluable as a training tool and vehicle for professional growth.

18 of 18 people found the following review helpful
A Much Needed Primer 26 Nov 2001
By James Sibley - Published on Amazon.com
Format:Paperback
As a high technology crimes prosecutor in Silicon Valley, this book is just what I've been waiting for. While not an exhaustive treatise on the minutia of computer systems and forensic tools, the authors provide a comprehensive overview of investigative approaches, tools, and techniques desperately needed in the field. This book should be a must read for investigators (public and private), attorneys, and system administrators, as well as corporate management responsible for overseeing either personnel, or the security of network infrastructure and information assets. Both an excellent primer on the developing field of computer forensics and a good resource from which to launch more in depth research into a specific area in the field. While many of the previous works in this field proved to be either uninformative cursory overviews or mind numbing forays into the depths of the arcane, the authors have struck a good balance that makes for an enjoyable and informative read. Not the end all, be all of computer crime investigation, but a damn fine starting point.
Search Customer Reviews
Only search this product's reviews

Customer Discussions

This product's forum
Discussion Replies Latest Post
No discussions yet

Ask questions, Share opinions, Gain insight
Start a new discussion
Topic:
First post:
Prompts for sign-in
 

Search Customer Discussions
Search all Amazon discussions
   

Listmania!

Create a Listmania! list

Look for similar items by category

Look for similar items by subject























i.e., each product must be in subject 1 AND subject 2 AND ...

Feedback


Amazon.co.uk Privacy Statement Amazon.co.uk Delivery Information Amazon.co.uk Returns & Exchanges