The book also covers the emerging field of "live forensics," where investigators examine a system to obtain evidence while it is still running, thus preserving live data that may be lost if the system is shut down. Coverage includes: Responding to a reported computer intrusion, Conducting the initial interview with the victims, Understanding how attackers exploit Windows networks, Deciphering Windows file systems, registries, and more, Analyzing data rapidly using live analysis techniques, Examining suspects' computers, Using EnCase® for Windows event log analysis, Presenting technically complicated material to juries.
Posted April 17, 2007
As a law enforcement officer, I've often found myself frustrated by books that cover incident response, but never discuss law enforcement involvement, except as an afterthought. While I understand that it's important for corporate and internal investigators to have this type of information, it's refreshing to find a book that talks about the law enforcement response to a computer crime incident. I've had the privilege of attending classes instructed by both of these authors. One of the things that impressed me about their classes is that they were able to break down complicated technical concepts into terms that cops can understand. They continue to do that in this book. Computer crime investigators need to add this book to their libraries. I'd say it's a must have.