Do not forget Brian Carrier's EXCELLENT book, "File System Forensic Analysis". This book and "Real Digital Forensics" were VERY HIGHLY recommended by my mentors...
Chip Meadows, CISA, CISSP, CCSE
"The significant problems we face cannot be solved by the same level of thinking that created them"... Albert Einstein
My opinions, not ANYONE ELSE'S. So there...

-----Original Message-----
From: Cooper, Christopher [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 24, 2006 3:20 PM
To: [EMAIL PROTECTED]; [email protected]
Subject: RE: Re: REVIEW: "Incident Response", Douglas Schweitzer

I can recommend two excellent books, which have recently come out:

Real Digital Forensics, Jones, Bejtlich and Rose
Forensic Discovery, Farmer and Venema

Both have excellent reviews written about them at Amazon. Good luck and happy reading.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 24, 2006 10:35 AM
To: [email protected]
Subject: Re: Re: REVIEW: "Incident Response", Douglas Schweitzer

Good question but too general for any type of specific response. What exactly are you looking to examine? Router activity, servers, workstation (probably considered by many to be one and the same) network, disk, etc. The first thing I would recommend to anyone considering what to do /snip
