Top 5 Forensic and Incident Response Books

In today's connected world, cyber crime has become all but an inevitability. For IT professionals, the chances that they and their systems will become the victim of a hack attack, virus, worm or other malicious code are, unfortunately, high. When it happens, it is important to know how to conduct a structured and thorough forensic investigation in order to find the clues you need to respond to the incident, examine its components, and defend against future attacks. It is just as important to understand computer crime law, information and evidence requirements, how to gather the potential legal evidence necessary for any subsequent criminal proceedings, and how to work with law enforcement and other authorities.

Whether you're a seasoned computer hacking forensic investigator (CHFI) or you're new to the field, these books are excellent sources of information on the topic that will help prepare you for effective incident response and computer forensics.

Incident Response

Douglas Schweitzer does a superb job of providing the reader with the knowledge necessary to respond to computer security incidents. "Incident Response" walks the reader through all of the phases of computer incident response: preparation, detection, clue and evidence gathering, system cleaning, data recovery, and how best to apply the lessons learned that can help prevent future incidents.

A Guide to Forensic Testimony

With the subtitle "The Art and Practice of Presenting Testimony As An Expert Technical Witness," this is an excellent book on the intersection of IT security and the legal system. The authors share their knowledge and experience of the legal system, laying out what it takes to make your computer forensic evidence stand up in court. It also explains what you need to do to establish yourself as an expert witness and stand up to cross-examination. The book covers a lot of legal technicalities, as well as ethical and professional issues.

Computer Forensics

The first edition of this book was published in 2001, but the fundamentals of incident response remain essentially the same. While security experts may not learn anything new from this book, those entering the field will find it invaluable. It is comprehensive yet easy to read, while still providing a detailed methodology for collecting, preserving, and using evidence. "Computer Forensics" is a handy reference worth keeping nearby during any computer forensic investigation.

Incident Response

Kevin Mandia and Chris Prosise have updated and added a ton of new material to this 2nd edition of "Incident Response & Computer Forensics." This book is a must-read if you are responsible for incident response or forensic computer investigations.

Effective Incident Response Team

Julie Lucas and Brian Moeller have written a great book for a manager looking for help in defining and creating a computer incident response team. This book will help answer the necessary questions to create the team and define the scope and focus of a CIRT. The book is in plain English and not too technical.