Book Image

Digital Forensics and Incident Response

By : Gerard Johansen
Book Image

Digital Forensics and Incident Response

By: Gerard Johansen

Overview of this book

Digital Forensics and Incident Response will guide you through the entire spectrum of tasks associated with incident response, starting with preparatory activities associated with creating an incident response plan and creating a digital forensics capability within your own organization. You will then begin a detailed examination of digital forensic techniques including acquiring evidence, examining volatile memory, hard drive assessment, and network-based evidence. You will also explore the role that threat intelligence plays in the incident response process. Finally, a detailed section on preparing reports will help you prepare a written report for use either internally or in a courtroom. By the end of the book, you will have mastered forensic techniques and incident response and you will have a solid foundation on which to increase your ability to investigate such incidents in your organization.

Related Content you might be interested in

Current Title:

Small book image
Digital Forensics and Incident Response
Gerard Johansen
Jul, 2017 | 324 pages
No titles found
Table of Contents (18 chapters)
Title Page
Title Page
Credits
Credits
About the Author
About the Author
About the Reviewer
About the Reviewer
www.PacktPub.com
www.PacktPub.com
Customer Feedback
Customer Feedback
Preface
Preface
Free Chapter
1
Incident Response
Incident Response
The incident response process
The incident response framework
The incident response plan
The incident response playbook
Summary
2
Forensic Fundamentals
Forensic Fundamentals
Legal aspects
Digital forensic fundamentals
Summary
3
Network Evidence Collection
Network Evidence Collection
Preparation
Network device evidence
Packet capture
Evidence collection
Summary
4
Acquiring Host-Based Evidence
Acquiring Host-Based Evidence
Preparation
Evidence volatility
Evidence acquisition
Evidence collection procedures
Non-volatile data
Summary
5
Understanding Forensic Imaging
Understanding Forensic Imaging
Overview of forensic imaging
Preparing a stage drive
Imaging
Summary
6
Network Evidence Analysis
Network Evidence Analysis
Analyzing packet captures
Analyzing network log files
Summary
7
Analyzing System Memory
Analyzing System Memory
Memory evidence overview
Memory analysis
Summary
8
Analyzing System Storage
Analyzing System Storage
Forensic platforms
Summary
9
Forensic Reporting
Forensic Reporting
Documentation overview
Incident tracking
Written reports
Summary
10
Malware Analysis
Malware Analysis
Malware overview
Malware analysis overview
Analyzing malware
Dynamic analysis
Summary
11
Threat Intelligence
Threat Intelligence
Threat intelligence overview
Threat intelligence methodology
Threat intelligence direction
Threat intelligence sources
Threat intelligence platforms
Using threat intelligence
Summary

Legal aspects

As we saw in the first chapter, a proper incident response involves a number of individuals from a variety of disciplines. This highlights one of the key misconceptions often held, that incident response is strictly a technology matter. One realm that incident response falls heavily into is the legal arena. There are a number of laws and regulations that directly impact an organization's incident response capability ranging from breach notification to privacy. These laws both provide a framework for governments to prosecute offenders as well as providing strict rules concerning such topics as how evidence is handled and presented in court.

Laws and regulations

In the middle of the 1980s, as computer crime started to become more prevalent, jurisdictions began crafting laws to address the ever-increasing instances of cyber-crime. In the United States, for example, federal criminal law has specific statutes that deal directly with criminal activity utilizing a computer:

  • 18 USC §...
Previous Section
End of Section 2
Next Section