Book Image

Digital Forensics and Incident Response

By : Gerard Johansen
Book Image

Digital Forensics and Incident Response

By: Gerard Johansen

Overview of this book

Digital Forensics and Incident Response will guide you through the entire spectrum of tasks associated with incident response, starting with preparatory activities associated with creating an incident response plan and creating a digital forensics capability within your own organization. You will then begin a detailed examination of digital forensic techniques including acquiring evidence, examining volatile memory, hard drive assessment, and network-based evidence. You will also explore the role that threat intelligence plays in the incident response process. Finally, a detailed section on preparing reports will help you prepare a written report for use either internally or in a courtroom. By the end of the book, you will have mastered forensic techniques and incident response and you will have a solid foundation on which to increase your ability to investigate such incidents in your organization.

Related Content you might be interested in

Current Title:

Small book image
Digital Forensics and Incident Response
Gerard Johansen
Jul, 2017 | 324 pages
No titles found
Table of Contents (18 chapters)
Title Page
Title Page
Credits
Credits
About the Author
About the Author
About the Reviewer
About the Reviewer
www.PacktPub.com
www.PacktPub.com
Customer Feedback
Customer Feedback
Preface
Preface
Free Chapter
1
Incident Response
Incident Response
The incident response process
The incident response framework
The incident response plan
The incident response playbook
Summary
2
Forensic Fundamentals
Forensic Fundamentals
Legal aspects
Digital forensic fundamentals
Summary
3
Network Evidence Collection
Network Evidence Collection
Preparation
Network device evidence
Packet capture
Evidence collection
Summary
4
Acquiring Host-Based Evidence
Acquiring Host-Based Evidence
Preparation
Evidence volatility
Evidence acquisition
Evidence collection procedures
Non-volatile data
Summary
5
Understanding Forensic Imaging
Understanding Forensic Imaging
Overview of forensic imaging
Preparing a stage drive
Imaging
Summary
6
Network Evidence Analysis
Network Evidence Analysis
Analyzing packet captures
Analyzing network log files
Summary
7
Analyzing System Memory
Analyzing System Memory
Memory evidence overview
Memory analysis
Summary
8
Analyzing System Storage
Analyzing System Storage
Forensic platforms
Summary
9
Forensic Reporting
Forensic Reporting
Documentation overview
Incident tracking
Written reports
Summary
10
Malware Analysis
Malware Analysis
Malware overview
Malware analysis overview
Analyzing malware
Dynamic analysis
Summary
11
Threat Intelligence
Threat Intelligence
Threat intelligence overview
Threat intelligence methodology
Threat intelligence direction
Threat intelligence sources
Threat intelligence platforms
Using threat intelligence
Summary

Preparation

In terms of preparation, incident response analysts should have the necessary tools at their disposal for acquiring host-based evidence. The techniques discussed within this chapter do not rely on any highly-specialized technology, but rather on tools that can be acquired for little or no cost. Outside of software, the only additional hardware that is required is external hard drives and common desktop computers.

When supporting an enterprise environment, it is a good idea that incident response personnel have a solid understanding of the types of systems commonly deployed. For example, in an enterprise that utilizes strictly Microsoft operating systems, the tools available should have the ability to support the wide range of versions of the Microsoft OS. In other circumstances, incident response personnel may support an enterprise where there is an 80/20 split of Microsoft and Linux systems; incident response personnel should be prepared with tools and techniques that support...

Previous Section
End of Section 2
Next Section