Table Of Content526367 Cover_rb2.qxp 3/19/03 3:53 PM Page 1
Networking/Security $45.00 USA/$67.99 CAN/£31.50 UK
TIMELY. PRACTICAL. RELIABLE.
INCLUDES CD-ROM
Incident Response: Computer Forensics Toolkit
Your in-depth guide to detecting network breaches, uncovering evidence, and preventing future attacks
Whether it’s from malicious code sent through an e-mail or an unauthorized user accessing company files, your network is vulnerable to attack. Your response to such incidents is critical. With this comprehensive guide, Douglas Schweitzer arms you with the tools to reveal a security breach, gather evidence to report the crime, and conduct audits to prevent future attacks. He also provides you with a firm understanding of the methodologies for incident response and computer forensics, Federal Computer Crime law information and evidence requirements, legal issues, and how to work with law enforcement.
You’ll learn how to:
• Recognize the telltale signs of an incident and take specific response measures
• Search for evidence by preparing operating systems, identifying network devices, and collecting data from memory
• Analyze and detect when malicious code enters the system and quickly locate hidden files
• Perform keyword searches, review browser history, and examine Web caches to retrieve and analyze clues
• Create a forensics toolkit to properly collect and preserve evidence
• Contain an incident by severing network and Internet connections, and then eradicate any vulnerabilities you uncover
• Anticipate future attacks and monitor your system accordingly
• Prevent espionage, insider attacks, and inappropriate use of the network
• Develop policies and procedures to carefully audit the system
DOUGLAS SCHWEITZER is an Internet security specialist and authority on malicious code and computer forensics. He is a Cisco Certified Network Associate and Certified Internet Webmaster Associate, and holds A+, Network+, and i-Net+ certifications. Schweitzer is also the author of Internet Security Made Easy and Securing the Network from Malicious Code.
CD-ROM includes:
• Helpful tools to capture and protect forensic data; search volumes, drives, and servers for evidence; and rebuild systems quickly after evidence has been obtained
• Valuable checklists developed by the author for all aspects of incident response and handling
Wiley Technology Publishing Timely. Practical. Reliable.
Visit our Web site at www.wiley.com/compbooks/
ISBN: 0-7645-2636-7
Douglas Schweitzer
a526367 FM.qxd 3/21/03 3:37 PM Page i
Incident Response:
Computer Forensics Toolkit
Incident Response: Computer Forensics Toolkit
Douglas Schweitzer
Incident Response: Computer Forensics Toolkit
Published by
Wiley Publishing, Inc.
10475 Crosspoint Boulevard
Indianapolis, IN 46256
www.wiley.com
Copyright © 2003 by Wiley Publishing, Inc., Indianapolis, Indiana
Published simultaneously in Canada
ISBN: 0-7645-2636-7
Manufactured in the United States of America
10 9 8 7 6 5 4 3 2 1
1O/RR/QU/QT/IN
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic,
mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States
Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy
fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8700. Requests to the
Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN
46256, (317) 572-3447, fax (317) 572-4447, E-Mail: permcoordinator@wiley.com.
Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make
no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any
implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives
or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a
professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages,
including but not limited to special, incidental, consequential, or other damages.
For general information on our other products and services or to obtain technical support, please contact our Customer Care Department
within the U.S. at (800) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.
Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.
Library of Congress Cataloging-in-Publication Data on file with the publisher.
Trademarks: Wiley, the Wiley Publishing logo, and related trade dress are trademarks or registered trademarks of Wiley Publishing, Inc., in
the United States and other countries, and may not be used without written permission. All other trademarks are the property of their
respective owners. Wiley Publishing, Inc., is not associated with any product or vendor mentioned in this book.
About the Author
Douglas Schweitzer is an Internet security specialist with Brainbench certifications in Internet
security and ITAA Information Security Awareness. Douglas is a Certified Internet Webmaster
Associate, and he holds A+, Network+, and i-Net+ certifications from the Computing Technology
Industry Association. He has appeared as an Internet security guest speaker on several radio
shows, including KYW Philadelphia, as well as on Something You Should Know and Computer
Talk America, two nationally syndicated radio shows. He is also the author of Securing the
Network from Malicious Code: A Complete Guide to Defending Against Viruses, Worms, and
Trojans and Internet Security Made Easy: A Plain-English Guide to Protecting Yourself and Your
Company Online.
Credits
ACQUISITIONS EDITOR: Katie Feltman
PROJECT EDITOR: Mark Enochs
TECHNICAL EDITOR: Russell Shumway
COPY EDITOR: Maarten Reilingh
EDITORIAL MANAGER: Mary Beth Wakefield
VICE PRESIDENT & EXECUTIVE GROUP PUBLISHER: Richard Swadley
VICE PRESIDENT AND EXECUTIVE PUBLISHER: Bob Ipsen
EXECUTIVE EDITOR: Carol Long
EXECUTIVE EDITORIAL DIRECTOR: Mary Bednarek
PROJECT COORDINATORS: Cindy Phipps, Bill Ramsey
GRAPHICS AND PRODUCTION SPECIALISTS: Beth Brooks, Sean Decker, LeAndra Johnson, Stephanie Jumper, Kristin McMullan, Heather Pope, Julia Trippetti
QUALITY CONTROL TECHNICIANS: Carl W. Pierce, Robert Springer
PERMISSIONS EDITOR: Laura Moss
MEDIA DEVELOPMENT SPECIALIST: Travis Silvers
PROOFREADING: Kim Cofer
INDEXING: Virginia Bess
This book is dedicated in loving memory of Mirhan “Mike” Arian,
whose insight and camaraderie are forever missed.