What happens after a network intrusion is detected? What steps do you need to take? What is the proper way to react in a specific situation? The authors say their intention was to introduce the reader to the core principles and steps of an intrusion investigation. Read on to find out if they succeeded.
About the authors
Joe Fichera is a computer forensic leader, instructor and curriculum developer for the Defense Cyber Investigations Training Academy.
Steven Bolt is currently a Sr. Incident Response and Forensics Team Leader for a global corporation.
Inside the book
When it comes to network intrusion analysis, there are many aspects to an investigation and they can depend on a variety of factors. This is exactly why this book covers different stages of an examination, along with the relevant tools, techniques and considerations.
The title comes with a variety of screenshots that are a welcome addition to the text, and mostly do a good job of complementing what the authors are trying to explain. Still, some of them seem to be thrown into the book just to take up space. Do we really need several screenshots that showcase the options in a menu? How about a screenshot of the BackTrack logo or a shell with a simple command typed in? The space could've been used much better. Indeed, some parts of the book have huge paragraphs that take up half a page. Spreading them out would make for a more pleasurable read.
While the authors list security professionals, computer forensics analysts and network administrators as the intended audience for the book, I don't think that's really the case. When a book comes with an explanation of how to find out an IP address, I think it's fair to say its intended audience is one with much less knowledge than the average person working in the field of computer forensics. Don't get me wrong, there's plenty of valuable technical information in this title, but some of it is not in sync with the intended audience. You can't speak to every level of knowledge, at least not in just 250 pages.
With so much computer security software (both free and commercial) available on the market, it can be a daunting task for anyone new to the field to pick and choose what to use. Thankfully this book introduces many tools and, most importantly, showcases them in real-world situations. This will help readers identify the strengths of numerous tools they might not be familiar with.
Working as an intrusion analyst means, among other things, constantly following the latest technologies and techniques. This book provides a solid start on the subject, as it offers a good overview of what you should be paying attention to. At the same time, depending on your interests and professional needs, you'll have enough information to know what areas to explore further.