FRAMINGHAM (10/03/2003) - Incident Response and Computer Forensics, Second Edition, by Chris Prosise, Kevin Mandia and Matt Pepe; McGraw-Hill Osborne Media, 2003.
The most difficult aspect of an intrusion investigation is the analysis of the forensic evidence. Whether you're a newbie or a seasoned professional, this book is a great reference to use during an investigation or to review to keep up your forensics skills. Packed with some great material and presented in a readable style, this book takes security professionals from initial data collection through an actual analysis. It includes plenty of references, real-world examples and explanations of tools and techniques.