The definitive guide to incident response--updated for the first time in a decade!

Thoroughly revised to cover the latest and most effective tools and techniques, Incident Response & Computer Forensics, Third Edition arms you with the information you need to get your organization out of trouble when data breaches occur. This practical resource covers the entire lifecycle of incident response, including preparation, data collection, data analysis, and remediation. Real-world case studies reveal the methods behind--and remediation strategies for--today's most insidious attacks.

  • Architect an infrastructure that allows for methodical investigation and remediation
  • Develop leads, identify indicators of compromise, and determine incident scope
  • Collect and preserve live data
  • Perform forensic duplication
  • Analyze data from networks, enterprise services, and applications
  • Investigate Windows and Mac OS X systems
  • Perform malware triage
  • Write detailed incident response reports
  • Create and implement comprehensive remediation plans

Table of Contents

Part I: Preparing for the Inevitable Incident
Chapter 1: Real-World Incidents
Chapter 2: IR Management Handbook
Chapter 3: Pre-Incident Preparation

Part II: Incident Detection and Characterization
Chapter 4: Getting the Investigation Started on the Right Foot
Chapter 5: Initial Development of Leads
Chapter 6: Discovering the Scope of the Incident

Part III: Data Collection
Chapter 7: Live Data Collection
Chapter 8: Forensic Duplication
Chapter 9: Network Evidence
Chapter 10: Enterprise Services

Part IV: Data Analysis
Chapter 11: Analysis Methodology
Chapter 12: Investigating Windows Systems
Chapter 13: Investigating Mac OS X Systems
Chapter 14: Investigating Applications
Chapter 15: Malware Triage
Chapter 16: Report Writing

Part V: Remediation
Chapter 17: Remediation Introduction
Chapter 18: Remediation Case Study