Here's a useful resource with some static tools for IR on Intel systems. (http://www.incident-response.org)
The FIRST web site, with resources on procedures for IR. (http://www.first.org/docs)
Handbook for Computer Security Incident Response Teams (CSIRTs). (http://www.sei.cmu.edu/ publications /documents/98. reports /98hb001/98hb001abstract.html)
SecurityFocus IR resource archive. (http://online.securityfocus.com/cgi-bin/sfonline/incidents_topics.pl)
Dave Dittrich on incident cost evaluation. (http://staff.washington.edu/dittrich/misc/faqs/incidentcosts.faq)
"Incident Response Procedures," by Dave Dittrich. Washington University. (http://staff.washington.edu/dittrich/talks/blackhat/blackhat/incident-response.html)