
"Computer
Forensics, Incident Response Essentials is a phenomenal introduction
to the tools and techniques for computer forensic response. The
book listed a number of tools that I had never heard of before.
I can't wait to download several of these and take them for
a spin."
Stephen Northcutt, Director, The SANS Institute.
From Book News, Inc.:
"Just as regular police forensics focus on the information
available at a crime scene, computer forensics looks at evidence
that can be gleaned in the aftermath of a computer security incident.
Two computer security professionals provide a methodology for collecting
information that can lead to a perpetrator and prove useful in prosecutions.
Chapters cover encryption, data hiding, hostile code, and introductions
to forensics on Windows and Unix operating systems." Copyright
© 2004 Book News, Inc., Portland, OR
"Computer Forensics: Incident Response Essentials" (in order of purchase):
Book Reviews:
Amazon.com: Great book!, December 31, 2004
Reviewer: Eric Kent (USA)
Very readable and interesting.
The authors really know what they are talking about.
Information Security Magazine (April 2002)
"Kruse & Heiser's treatment of the forensics
process is among their book's strengths: The authors have a clear
plan and stick to it. They assume relatively little knowledge on
the reader's part, and work from a good overview of procedures into
specifics."
http://www.infosecuritymag.com/2002/apr/crackingbooks.shtml
Newsletter of the IEEE Computer Society
TC on Security and Privacy, Electronic Issue 46, January 16, 2002
Jim Davis, Editor
Hilarie Orman, Assoc. Editor
Bob Bruen, Book Review Editor
Mary Ellen Zurko, Assoc. Editor
Anish Mathuria, Readers Guide
"The main topics addressed are that of using the net to track
down an intruder and disk and file analysis. They explain about
Unix systems for the Windows folks and they cover the criminal justice
system. For anyone who expects to handle a break-in incident, this
book is something that ought to have been read in advance. The book
is well organized with a good number of illustrations. The tools
presented are both free and commercial, which is helpful for getting
started. They explain in detail how to use the tools that protect
the disk contents while being copied, pointing out the obvious: that
one should work on a copy, not the evidence. This little mistake
could easily ruin the whole process..."
"One more book the security professional ought to read."
From: http://www.net-security.org/
"This book is the first thing you need to read about computer
forensics, providing you can keep up. A level of knowledge is expected
from the reader, but any computer user with interest will understand
it, not to mention system administrators of any level."
"You'll learn to find trails where they aren't supposed to
exist, and to read between the lines, not to say sectors or
nodes of data on the disk."
"As with any reading material in the IT area of expertise, there
is always the danger of becoming obsolete, and that's also where
this book stands out of the crowd. It does guide its reader through
forensics, and points out the proper way of doing things, but not
only applicable on today's computers, disks and gadgetry. You needn't
worry that by the time you get it, it will serve you no good. Nope.
Of course, contemporary tools and utilities used are mentioned,
but in the manner that is appropriate, in footnotes, or if included
in text like an example..."
"If computer forensics classes start to pop up massively,
this will be the book to base them on."
"Nothing can prove to be a substitute for experience, but
it will point the direction where you can learn and get the experience
necessary to become a modern version of Sherlock Holmes. Essential
reading, my dear Watson!"
From Amazon.com:
Excellent coverage, recommended reading, February 13, 2003
The authors did a great job covering forensics and response. Very
thorough and easy to follow. I read this book in two evenings and
use it as a reference as I audit my networks. Recommended.
Outstanding book on forensics, May 5, 2002
This is an outstanding book. Well written, very educational. If
you're tasked with handling computer security incidents, you'll
want to have a copy of this book on your bookshelf. The first chapter
is an outstanding quick overview of the entire scope of incident
response.
Excellent introduction to the basics, April 13, 2002
The authors, both of whom have impeccable credentials, have managed
to distill a complex subject into a book that can be understood
by anyone with intermediate-level computer skills. More importantly,
computer forensics is a relatively new subdiscipline of IT security,
making this book important in that there are few books on the topic.
I'll start with the beginning and end of the book, each of which
is focused on legal aspects of forensics. The book begins by explaining
what forensics is, and giving a three-step process that covers the
essentials at a high level: (1) acquire evidence, (2) authenticate
it, and (3) analyze it. Although this process is presented at a
high level, important details, such as the importance of establishing
and maintaining a chain of custody, how to collect and document
evidence and key issues to consider when presenting the evidence
in court are covered. This discussion is picked up again in Chapter
12, Introduction to the Criminal Justice System, in which applicable
laws, advice on dealing with law enforcement agencies, and the distinction
between criminal and civil cases are discussed. There is sufficient
detail and pointers to other sources of information to arm you with
the bare essentials.
Between the opening chapter and Chapter 12 described above are
chapters devoted to basic techniques and procedures for tracing
email, specific operating system issues (the book deals with UNIX
and Windows), encryption, codes and compression and other common
challenges an investigator will face. The material is not overly
technical, and is presented in easy-to-understand prose. Anyone
who works as a network or system administrator, provides desktop
support, or is an advanced end user will have no problems following
the techniques that are presented or the underlying technical details.
If you're seeking an advanced text this book will probably disappoint
you, although there is sure to be some new trick or fact that you'll
learn. For example, I have over 25 years of IT experience and was
fascinated by the discussion of steganography (an information hiding
technique). There were other chapters that I quickly skimmed because
I was well-versed in the subject matter.
What I like about the book is the easy approach, which makes it
easy to develop the fundamental skills necessary to perform forensics.
The few other papers and books on the subject are far more advanced
and the learning curve is a barrier. This book will give the new
security investigator a foothold in the topic upon which he or she
can build. I especially liked the appendices, which provide an excellent
framework for incident response. One of the best features is the
detailed roles and responsibilities, which are well thought out
and reinforce the axiom that security is everyone's business. Another
outstanding feature is the flowcharts for various incident types,
such as denial of service, hostile code, etc. These can be used
verbatim in a security policies and procedures manual, as can the
incident response form provided in Appendix B. I also liked the
valuable URLs provided throughout the book. I knew of many, but
was surprised to find invaluable resources that I didn't know about.
Even though much of this book presented information I already knew,
I still enjoyed reading it because I picked up facts that I didn't
previously know, and was reminded of legal aspects of forensics
and security that I'd forgotten. The appendices alone make this
worthwhile to even advanced readers, and the fact that it provides
an entry point into forensics for new practitioners makes this book
invaluable as a training tool and vehicle for professional growth.
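The three-step process the review above attributes to the book (acquire evidence, authenticate it, analyze it), together with the earlier reviewer's point that one works on a copy and never on the evidence itself, can be made concrete in a few lines. The following is an added illustration written for this page; it is not code from the book or from any of the reviewers. The "disk image" is a constructed in-memory byte string, the handler name is a placeholder, and the analysis step is a deliberately simple carve of e-mail addresses from raw bytes.

```python
"""Acquire / authenticate / analyze with a chain-of-custody log.
Added illustration, not code from the book or its reviewers. The evidence
is a constructed in-memory byte string standing in for a disk image."""
import hashlib
import re
from datetime import datetime, timezone

# Constructed sample "disk image": filler bytes around a few file fragments.
SAMPLE_IMAGE = (
    b"\x00" * 16
    + b"boot record placeholder"
    + b"\x00" * 32
    + b"From: alice@example.test\r\nTo: bob@example.test\r\nSubject: numbers\r\n"
    + b"\x00" * 8
    + b"[deleted] contact evil@example.test for the files"
    + b"\xff" * 16
)

# Hypothetical handler identifier; a real log would carry name, role and case id.
DEFAULT_HANDLER = "examiner-placeholder"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _log(custody_log: list, handler: str, action: str, **fields) -> None:
    """Append one timestamped chain-of-custody entry."""
    entry = {"when": datetime.now(timezone.utc).isoformat(),
             "who": handler, "action": action}
    entry.update(fields)
    custody_log.append(entry)


def acquire(source: bytes, custody_log: list, handler: str) -> tuple[bytes, str]:
    """Step 1: hash the original, then take a full working copy of it.
    Every later step touches only the copy."""
    original_hash = sha256_hex(source)
    working_copy = bytes(source)  # independent copy, not a view of the original
    _log(custody_log, handler, "acquire", sha256=original_hash, size=len(source))
    return working_copy, original_hash


def authenticate(working_copy: bytes, original_hash: str,
                 custody_log: list, handler: str) -> bool:
    """Step 2: confirm the working copy still matches the recorded hash.
    A mismatch means the copy was altered and must not be analysed."""
    ok = sha256_hex(working_copy) == original_hash
    _log(custody_log, handler, "authenticate",
         result="match" if ok else "MISMATCH")
    return ok


EMAIL_RE = re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def analyze(working_copy: bytes, custody_log: list, handler: str) -> list[str]:
    """Step 3: examine the copy only. Here: carve e-mail addresses from raw bytes,
    which also finds text in the 'deleted' fragment outside any file system."""
    found = sorted({m.decode("ascii") for m in EMAIL_RE.findall(working_copy)})
    _log(custody_log, handler, "analyze", method="email-carve", hits=len(found))
    return found


def run_workflow(source: bytes, handler: str = DEFAULT_HANDLER) -> dict:
    """Run all three steps and return findings plus the custody log."""
    custody_log: list = []
    working_copy, original_hash = acquire(source, custody_log, handler)
    if not authenticate(working_copy, original_hash, custody_log, handler):
        raise RuntimeError("working copy does not match acquired hash; re-acquire")
    findings = analyze(working_copy, custody_log, handler)
    # The original was never analysed: its hash is unchanged by the workflow.
    if sha256_hex(source) != original_hash:
        raise RuntimeError("original evidence changed during processing")
    return {"sha256": original_hash, "findings": findings, "custody_log": custody_log}


if __name__ == "__main__":
    result = run_workflow(SAMPLE_IMAGE)
    print("image sha256:", result["sha256"])
    print("findings:", result["findings"])
    for entry in result["custody_log"]:
        print(entry)
```

The custody log is what makes the hash meaningful in court: it ties the recorded digest to a person, a time and an action, and the authenticate step refuses to proceed if the copy no longer matches.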