Book Review: Computer Incident Response and Forensics Team Management

Unlike many books on this topic, which are aimed at cybersecurity and forensics experts, this work is apparently intended for beginners and the general reading public. It contains little original material, and its coverage of computer incident response teams is incomplete.

For example, the book does not address requirements for mobile, triage, and computer forensics labs or how to set them up. There are currently two main schools for incident handling and international standards—American and European—but the book does not properly address either or any other recognized format.

There are formal and personal training requirements and certifications directly related to computer incident response that would also be helpful to those who manage response teams. The book should, but does not, cover the FBI Computer Analysis Response Team, ASCLD/LAB Certified Assessors, DoD Certified Computer Crime Investigators, and Federal Law Enforcement Training Center Seized Computer Evidence Recovery Specialists, for example.

Nor does the book discuss the computer incident response framework consisting of people, process, and technology. The process workflow and technology framework for data identification, capture, intake, processing, storing, management, chain-of-evidence handling, and archiving are also missing.

In short, this book might be useful as an overview for the lay person or beginner, but it misses the opportunity to inform and support a person who actually manages an incident response team.

Reviewer: Dr. Ihab Ali is the security lead for Dell in the European, Middle East, and African regions. He serves on the ASIS Information Technology Security Council.