Introduction.

Chapter 1: Computer Forensics and Incident Response Essentials.

Chapter 2: Addressing Law Enforcement Considerations.

Chapter 3: Forensic Preparation and Preliminary Response.

Chapter 4: Windows Registry, Recycle Bin, and Data Storage.

Chapter 5: Analyzing and Detecting Malicious Code and Intruders.

Chapter 6: Retrieving and Analyzing Clues.

Chapter 7: Procedures for Collecting and Preserving Evidence.

Chapter 8: Incident Containment and Eradication of Vulnerabilities.

Chapter 9: Disaster Recovery and Follow-Up.

Chapter 10: Responding to Different Types of Incidents.

Chapter 11: Assessing System Security to Prevent Further Attacks.

Chapter 12: Pulling It All Together.

Appendix A: What’s on the CD-ROM.

Appendix B: Commonly Attacked Ports.

Appendix C: Field Guidance on USA Patriot Act 2001.

Appendix D: Computer Records and the Federal Rules of Evidence.

Appendix E: Glossary.

Index.