Today I spoke with Kevin Mandia, lead author of Incident Response and Computer Forensics, the best IR book available. When the first edition was published, Kevin was director of incident response and computer forensics at Foundstone. I met him in person at the first SANSFIRE conference in 2001. Kevin hired me to join Foundstone's IR team in early 2002, and I left the team in early 2004 a few months after he did.
Kevin is now running Red Cliff Consulting, a professional services firm headquartered in Alexandria, VA. He describes his group as "the experts that experts consult." I won't argue with that assessment. For example, Curtis Rose just joined Red Cliff, after working for years at Sytex. Curtis is one of the co-authors of the forthcoming book Real Digital Forensics, along with myself and Keith Jones.
Kevin will be speaking at Black Hat 2004 in Las Vegas in late July. He plans to discuss "the five things that are problematic in incident response." His public speaking engagements are always incredibly informative and entertaining. Before the Foundstone Christmas party in December 2002, the IR team discussed how funny it would be if Kevin described our team's work in Haiku form. Sure enough, our fearless leader delivered his entire talk in Haiku.
Leading Foundstone's IR team
Puts bad guys in jail
In any case, if you need a group of trusted, experienced computer forensic consultants, check out Red Cliff's services.