Incident Response & Computer Forensics

The all-new edition of this security bestseller reveals the most relevant and up-to-date incident response techniques, tools, and case scenarios.

Incident Response & Computer Forensics, Third Edition arms you with the right know-how to react quickly and efficiently to the daily onslaught of data breaches that hit all organizations worldwide. This new edition is chock-full of updates about tools and techniques as well as real-world scenarios reflecting today’s most common types of incidents. Specific, detailed advice covers all aspects of incident investigation and handling, with an emphasis on forensics.

Special features highlight important tips for security practitioners: the Law Enforcement feature that appears throughout all chapters provides advice on when and how law enforcement must be informed; the What Can Happen feature shows how badly certain scenarios could turn out (with non-action or wrong-action) and why; the Where to Look feature guides you through the fastest routes to key evidence; and the Eye Witness feature details relevant real-world cases for context and urgency.

Part I: Introduction to Incident Response covers real-world incidents, an introduction to the incident response process, preparation for incident response, and what happens after the detection of an incident. Part II: Data Collection covers live data collection from Windows and UNIX systems, forensic duplication, collecting network-based evidence, and evidence handling. Part III: Data Analysis covers computer system storage fundamentals, data analysis techniques, investigating Windows and UNIX systems, analyzing network traffic, investigating hacker tools, investigating routers, and writing computer forensic reports.

• The most technically rigorous handbook on incident handling available
• All-new advice on architecting networks from the ground-up to fight intrusions
• New details on streamlining intrusion diagnoses for faster recovery
• New coverage of: log file and massive data analysis; memory analysis; social media portals to entry; malware analysis; and mobile device-originated breaches
• New real-world scenarios added throughout exemplify the latest, most prevalent incident types
• New and up-to-date methods for investigating and assessing hackers' latest tools
• A forensics-forward approach to handling and protecting sensitive data without further compromising systems

Matt Pepe has served as Technical Director for security consulting firm Mandiant for seven years, following his role as Principal Consultant with Foundstone where he performed forensic analysis in more than 100 Federal investigations for the Air Force Office of Special Investigations (AFOSI), the FBI, and other government agencies.

Jason Luttgens, who has worked in information security for nearly 20 years, is Technical Director for security consulting firm Mandiant, has served in NASA’s OIG Computer Crimes Division as a Technical Director, as a forensics investigator for the Department of Defense, and as a network engineer at the 18th Communications Squadron, based in Okinawa, Japan.

Ryan Kazanciyan, Principal Consultant at Mandiant, has eight years of experience specializing in incident response, forensic analysis, penetration testing, and web application security. He has leveraged his consulting experience to lead training sessions for a variety of audiences in law enforcement, the Federal government, and corporate security groups. Ryan has presented at industry and security conferences, including Black Hat, DoD CyberCrime, ShmooCon, Infragard, and ISACA.

Kevin Mandia is the President of security consulting firm Mandiant, which specializes in incident response, computer forensics, and IT security, and provides services, products, and education to commercial and Federal clients, including Fortune 500 companies, financial institutions, government agencies, domestic and foreign police departments and several of the U.S.'s leading law firms.