C**A
Must have book for Incident Responders
This little pocket book is absolutely a must have for Incident responders. It will provide some wonderful insight on what should be done in all the stages of traditional IR. A must have!
J**.
Incredibly Useful. Repurchased for version 2.0
I was recommended this Handbook by an Incident Responder with over 10 years experience (who was also recommended it within his professional network). I've been utilizing version 1.0 of this handbook for almost 3 months now and, I must say, it's the perfect field manual not only for Incident Responders but for any class of Information Security Professional. Back in college I started crafting a reference manual of my own wishing I had something like this. I'm happy to see that I wasn't the only person when I was recommended this Handbook. Initially my only wish was for it to have had reference diagrams for common packet headers. However, shortly after that I learned of version 2.0. For that reason, I immediately purchased version 2.0. Background: 3 years experience as an Information Security Analyst
W**A
Blue Team Must Have
This is a must-have for blue-team / defensive and red-team / offensive folks. It provides a great jump-off point for a lot of security monitoring skills, and has a very rugged feel to it that tells you it's written by someone with a lot of experience. The first 35 pages or so is process / paperwork related stuff, but everything after that is high-signal and very useful.
M**T
Great book
Nice companion to the RTFM. I have been in INFOSEC for a while and I found most of the book to be somewhat generic. My feelings may not apply to everyone else though. There seems to be an idea out there that everyone in INFOSEC sits around grepping Snort logs and/or TCP dumps; this simply is not the case. As an incident first responder the job is fairly straightforward: isolate and collect the logs. Everyone has their own methods I guess. Some OS'es require you leave the system connected before collecting logs; this book does not cover that aspect. Not everyone can afford a SANS course so in that respect this condensed field guide is a plus+. Simply put; you cannot afford to not have this book. A must buy.
P**O
Great Resource to Have on hands for Security Analysts
Great Resource to Have on hands for Security Analysts. I have been using many of the techniques described in this book over the past few years but this book expanded on that knowledge a bit more than I was used to. It's great because it has all of the most common things one would typically run into on their day-to-day job as a security analyst. Not completely comprehensive but that's not the purpose of this book.
E**N
Not Perfectly Pocket Size, but Sufficient
Fits in the jump bag & a zip lock to protect the pages - Crafted my own pocket flap inserts to add personal notes for my employer on large index cards (org chart by title with penciled in names, numbers & schedules); IT LAN map with details on each system in case it is needed in a jiff (except passwords - don't be stupid!) It didn't help me pass the minors, but I am a non-military female. I don't think God could have gotten me through those men who love to fail women!
L**N
Five Stars - Version 2 update very nice
Solid info, brief and informative, wide coverage on incident issues. Bought a second copy recently (gave away #1), have read through it, and the update does improve wording, fixes the few spelling errors someone complained about in V1, and has great packet header charts in the back. Got my copy autographed at a SANS conference to boot! I hear there are more titles in the series planned with a few underway.
M**D
Great Read, and Awesome Resource.
Great Book to give insight to the blue team side. It has some of that simple common sense stuff. But it takes that and puts it into a plan! Very deep insight into the importance of being prepared and explaining why. Also has some cool more advanced advice to read up on. Gives command line examples of different parameters to use and shows the result you will get.