July 12th, 2003, 02:34 PM
#9
It's an old thread, but since you've dragged it back up I'll add something as well.
I just finished reading and reviewing Incident Response: Computer Forensics Toolkit by Douglas Schweitzer (to read my review on About.com click here: Book Review).
It is an excellent book and I highly recommend it. It is very readable and explains every step of incident response in detail. One of my favorite parts is the appendix that breaks down the USA PATRIOT Act and what changes were brought about as a result. It also includes a CD with various freeware and trialware tools and checklists to keep handy for each phase of incident response.
Similar to what you list from the as-yet-to-be-uploaded ebook, the basic phases of incident response are generally accepted to be:
* Prepare to detect and respond to incidents
* Detect incident
* Gather clues and evidence
* Clean system and patch vulnerabilities
* Recover lost data or files
* Take lessons from incident and apply them to secure for future