This book will teach readers what they need to know not only to set up an incident response effort, but also to improve existing incident response efforts. The book provides a comprehensive approach to incident response, covering everything necessary to deal effectively with all phases of incident response, from pre-incident conditions and considerations to the end of an incident.
Although technical considerations are included (for example, the particular binaries in Unix and Linux and the dynamically linked libraries in Windows NT and Windows 2000 that need to be inspected in case they have been corrupted; the types of logging data available in major operating systems and how to interpret them to obtain information about incidents; how network attacks can be detected from the information contained in packets; and so on), the major focus of this book is on managerial and procedural matters.
Incident Response advances the notion that without effective management, incident response cannot succeed.
450 pages