Book Review: Blue Team Handbook: Incident Response Edition
Earlier this year I wrote an extremely short post discussing the Red Team Field Manual (RTFM) book. I’m currently on my third copy of the book (I’ve given the first two away) and I have a copy in my backpack at all times. I recently saw some traffic on a SANS mailing list about a similar book geared towards blue teamers and had to check it out.
Like the RTFM, “Blue Team Handbook: Incident Response Edition” is small and affordable, and is more of a collection of steps and command examples than a traditional book meant to be read from start to finish. The Blue Team Handbook covers topics such as Windows and Linux volatile data system investigation, network traffic analysis techniques, suspicious network traffic patterns, and Snort configuration and usage. Amazon now lists an updated version 2.0 of the book with 20 new pages, including information on database incident response.
The book is currently listed for under $14 on Amazon and is perfect to keep with the RTFM in my backpack. If having a printed collection of incident response methodology and commands is something you’d like to have, the Blue Team Handbook is worth checking out. When I inevitably give my current copy away I’ll have an excuse to get the new version with the database coverage 🙂