Incident Response: Investigating Computer Crime [Paperback]

Incident Response aims to teach you how to determine when an attack has occurred or is underway--they're often hard to spot--and show you what to do about it. A strong system of defences will save your systems from falling victim to published and otherwise uninventive attacks, but even the most heavily defended system can be cracked under the right conditions. Authors Kevin Mandia and Chris Prosise favour a tools--and procedures-centric approach to the subject, thereby distinguishing this book from others that catalogue attacks and methods for dealing with each. The approach is more generic and therefore better suited to dealing with newly emerging attack techniques.

Anti-attack procedures are presented with the goal of identifying, apprehending and successfully prosecuting attackers. The advice on carefully preserving volatile information, such as the list of processes active at the time of an attack, is easy to follow. The book is quick to endorse tools, the functionalities of which are described so as to inspire creative applications. Information on bad-guy behaviour is top-quality as well, giving readers knowledge of how to interpret logs and other observed phenomena. Mandia and Prosise don't--and can't--offer a foolproof guide to catching crackers in the act, but they do offer a great "best practices" guide to active surveillance. --David Wall

Topics covered: Monitoring computer systems for evidence of malicious activity and reacting to such activity when it's detected. With coverage of Windows and Unix systems as well as non-platform-specific resources like Web services and routers, the book covers the fundamentals of incident response, processes for gathering evidence of an attack and tools for making forensic work easier.

"... poorly trained network administrators and the lack of firewalls and intrustion detection systems still make it difficult to find the source and strategy of the attack." Computerworld article (8/21/00) on Incident Response featuring David Dittrich, a researcher who spoke at the Usenix Security Symposium."

Incident response is a multidisciplinary science that resolves computer crime and complex legal issues, chronological methodologies and technical computer techniques. The commercial industry has embraced and adopted technology that detects hacker incidents. Companies are swamped with real attacks, yet very few have any methodology or knowledge to resolve these attacks. "Incident Response: Investigating Computer Crime" will be the only book on the market that provides the information on incident response that network professionals need to conquer attacks. "Incident Response: Investigating Computer Crime" picks up where "Hacking Exposed" leaves off, describing the methods and techniques necessary to perform a professional and successful response to computer security incidents. It provides an insider's perspective on the incident response process that has never been disclosed or published, including real case scenarios with insightful tips on how to respond to computer crime incidents.

Incident Response: Investigating Computer Crime describes the methods and techniques necessary to perform a professional and successful response to computer security incidents.
Provides an insider's perspective on the incident response process that has never been disclosed or published!
Includes real case scenarios with insightful tips on how to respond to computer crime incidents.
Gain FBI insider information from authors Chris Prosise and Kevin Mandia who are well-recognized network security, forensics and incident response trainers and consultants

Learn secrets and strategies for recovering from computer crime incidents

Respond to security breaches and hacker attacks the right way with help from this insightful and practical guide. You'll get details on the entire computer forensic process and learn the importance of following specific procedures immediately after a computer crime incident occurs. Investigate various software including UNIX, Windows NT, Windows 2000, and application servers. Packed with technical examples and loads of how-to scenarios, this book will show you how to recognize unauthorized access, uncover unusual or hidden files, and monitor Web traffic. Detailed, authoritative, and up to date Incident Response is the only book you need.

-Plan and prepare for all stages of an investigation including detection, initial response, management interaction, and more
-Learn the importance of evidence handling and storage
-Perform a "trap and trace" and learn network protocols
-Monitor network traffic and detect illicit servers and covert channels
-Investigate Web server attacks, DNS attacks, and router attacks

Chris Prosise (Cupertino, CA) VP of Consulting at Foundstone, is a recognized network security expert with extensive experience in attack and penetration testing and incident response. Chris has led government and commercial security teams on missions worldwide, from sensitive incident response missions on Top Secret government networks to comprehensive security assessments on some of the world's largest corporations. Chris is a featured speaker at multiple security conferences such as Forum of Incident Response and Security Teams (FIRST). He has written articles for SysAdmin and is the technical editor of Hacking Exposed. Kevin Mandia (Alexandira, VA) Director of Computer Forensics at Foundstone is a well-recognized forensics and incident response expert. Kevin leads Foundstone's premiere incident response and forensics services, delivering consulting and training services to Foundstone's clients. Prior to joining Foundstone, Kevin was a Special Agent with AFOSI specializing in computer intrusion cases. Upon leaving the AFOSI, Kevin developed a computer intrusion response course specifically designed at the request of the FBI. Kevin trained over 400 FBI agents as well as personnel from the State Department, the CIA, NASA, the U.S. Postal Service, the Air Force, and other Government Agencies. Kevin is a regular speaker at numerous forums, including the Interpol Computer Crime Conference and various conferences hosted by government agencies and law enforcement organizations. He is on the Editorial Board for the International Journal on Cyber Crime.