Top 5 Forensic and Incident Response Books

The reality is that you are almost bound to become a victim at some point of a hack attack, virus, worm or other malicious code. When that happens you need to know how to conduct a forensic investigation and find the clues you need to handle the incident. These books are excellent sources of information on this topic.

Incident Response

Douglas Schweitzer does a superb job of providing the reader with the knowledge they need to respond to computer security incidents. Incident Response walks the reader through all of the phases of computer incident response: preparation, detection, gathering clues and evidence, cleaning the system, recovering lost data and applying any lessons learned to prevent future incidents.

A Guide to Forensic Testimony

A Guide to Forensic Testimony is an excellent book on this subject. The authors share their knowledge and experience of the legal system and what it takes to make your computer forensic evidence stand up in court and what you need to do to sell yourself as an expert witness and stand up to cross-examination. The book covers a lot of legal technicalities as well as ethical and professional issues.

Computer Forensics

This book is a couple of years old now, but the fundamentals remain essentially the same. While security experts may not learn anything new from this book, those entering the field will find it invaluable. It is comprehensive and detailed while remaining easy to read. Computer Forensics could easily be kept nearby as a handy reference during a computer forensic investigation.

Incident Response & Computer Forensics

Kevin Mandia and Chris Prosise have updated and added a great deal to this 2nd edition of Incident Response & Computer Forensics. If you are responsible for incident response or forensic computer investigations, this book is a must-read.

Effective Incident Response Team

Julie Lucas and Brian Moeller have written a great book for a manager looking for help in defining and creating a computer incident response team. This book will help answer the questions necessary to create the team and define the scope and focus of a CIRT. The book is written in plain English and is not too technical.