Incident Response & Computer Forensics, Third Edition

I would like to add the following comments - I personally know two of the authors and the technical editor for over 15 years. I have edition one and two and recently purchased edition three. I not only recommend the read for security professionals - I recommend the read for CXOs of companies and senior management in the Federal, State, Local governments - and of course the Military. Their Real-World Incidents are exceptional - the Live Data Collection section (I would rate at 10 Star) - Spend sometime reading and understanding the Foreword section - written by Jamie, another expert in the area. He sets the tone for a valuable education trip. There are many lessons learned and good advice given. They also answered the "So What?" question throughout the book. Lastly in Chapter 18 they "set the Strategic Direction" - They list 10 recommendations - Follow them if you want to keep your system as safe as possible with today's technology. Kudos go to the authors and the people who supported them throughout their professional careers.

Reading this book it is evident that the authors: - know their shit (duh), - are very sharp (logical and orderly layout of information; clear and focused explanations; no fluff) - are great at teaching (case studies; teach not only what to do but also why to do it, and what may happen if you don't, with short 2-sentence examples to spice it up) It is a joy to read, and I am of the same mind as the other reviewers who have given it 5 stars - it's a must-read for every cyber-security professional.

A bit outdated, but a good read.

This book is a collaboration between three highly respected DFIR examiners, including Kevin Mandian who was the founder of Mandiant—named Best Security Company by SC Magazine in 2012 and 2013 (now under FireEye). Although I have a background in DFIR, I had more experience in dead-box Digital Forensics and wanted to expand my knowledge and experience in IR, thereby prompting me to purchase this book. Although it is already four years old, the framework, workflow, and methods that the authors provide are still very relevant. In a nutshell, this book should be a manual in every DFIR’s reference shelve. For beginners, it lays down a clear and straightforward blueprint into IR investigations. For IR veterans, it serves as a refresher. If they wrote another on tomorrow, I would buy it immediately because the information is extremely useful.

Great book beginning to end. I would highly recommend anyone in the DFIR, Security Operations, or threat intel community to make this a mandatory reading for new hires or individuals new to cyber security. Hopefully they will write another one in the next couple of years as technology and attack methods change rapidly. The first few chapters are great since it gives real life incident response scenarios that are seen in the community.

The first 6 chapters are a bit repetitive, but after that's been seared into your memory it becomes a great guid. When you've finished it's nice to keep around for referencing.

This is an excellent resource on Incident Response / Digital Forensics that I would quickly recommend to anyone serious about the topic. It's well-constructed with a logical flow, presented in an easily understandable manner. Well done.

This book takes you through setup, organization, structure, where and how, case studies, plus provides rationale on why! Thumbs up!

Fantastic book to read and a great reference.

Ottimo libro. Consigliato

An excellent reference. A door to lead you into the profession of IT security with speciality on incident response. Highly recommended.

Better than expected

Good introduction to IR. Lots of good procedural material in here. This is sort of the IR bible so I've heard from colleagues.