Loading ...
Sorry, an error occurred while loading the content.

REVIEW: "Incident Response", Douglas Schweitzer

Expand Messages
  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    BKINCRSP.RVW 20051029 Incident Response , Douglas Schweitzer, 2003, 0-7645-2636-7, U$45.00/C$67.99/UK#31.50 %A Douglas Schweitzer %C 5353 Dundas Street
    Message 1 of 1 , Jan 23, 2006
      BKINCRSP.RVW 20051029

      "Incident Response", Douglas Schweitzer, 2003, 0-7645-2636-7,
      %A Douglas Schweitzer
      %C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
      %D 2003
      %G 0-7645-2636-7
      %I John Wiley & Sons, Inc.
      %O U$45.00/C$67.99/UK#31.50 416-236-4433 fax: 416-236-4448
      %O http://www.amazon.com/exec/obidos/ASIN/0764526367/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/0764526367/robsladesin03-20
      %O Audience s+ Tech 2 Writing 1 (see revfaq.htm for explanation)
      %P 323 p. + CD-ROM
      %T "Incident Response: Computer Forensics Toolkit"

      The title talks about incident response. The subtitle talks about
      computer forensics. The introduction doesn't clear up the confusion.
      Is the book about forensics? Response? Does Schweitzer think that
      forensics (and which kind?) is the only response there is?

      Chapter one purports to be an introduction to forensic and response
      essentials. It is a vague and disorganized grab bag of issues. (A
      section entitled "Recognizing the Signs of an Incident" talks about
      the fact the you should respond properly, and one supposedly
      addressing issues around preparation suggests that there is a need for
      response to incidents. A two page list of characteristics of various
      operating systems provides such amazing advice as that MS-DOS has text
      on a black screen, while Windows has colours. In any case, the
      response to an incident is the same: pull the plug. Legal issues are
      said to be the topic of chapter two: it lists some US laws related to
      computers. Some items that should be examined in computer or network
      forensic investigations are tabulated in chapter three. Chapter four
      has miscellaneous information about the Registry and file systems.
      Processes (on Windows) and some indications of the potential presence
      of a backdoor (or simply the fact that parts of your operating system
      are running) make up chapter five. Chapter six has random and
      incomplete data on utilities and items that might hold information.
      Procedures for collecting evidence, and lots of other material, is in
      chapter seven. The advice on containment of incidents, in chapter
      eight, seems to be limited to "pull the plug." Chapter nine has
      incomplete recommendations for business continuity and disaster
      recovery. The response to different kinds of threats, in chapter ten,
      is terse, and the largest space is given to a discussion of sexual
      harassment. Chapter eleven is supposed to be dedicated to assessing
      system security in order to prevent further attacks: there is limited
      advice on hardening Windows, and some directions on general security
      reviews. A list of miscellaneous computer attacks and incidents
      closes off the book in chapter twelve.

      The book is randomly structured, disorganized in terms of the written
      material, and excessively verbose. There is some coverage in regard
      to computer forensics for those with no experience in the field, but
      nothing that can't be found elsewhere, with much less work, and in a
      more complete state.

      copyright Robert M. Slade, 2005 BKINCRSP.RVW 20051029

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      Security Glossary: http://victoria.tc.ca/techrev/secgloss.htm
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
    Your message has been successfully submitted and would be delivered to recipients shortly.