Book Image

Digital Forensics and Incident Response

By : Gerard Johansen
Book Image

Digital Forensics and Incident Response

By: Gerard Johansen

Overview of this book

Digital Forensics and Incident Response will guide you through the entire spectrum of tasks associated with incident response, starting with preparatory activities associated with creating an incident response plan and creating a digital forensics capability within your own organization. You will then begin a detailed examination of digital forensic techniques including acquiring evidence, examining volatile memory, hard drive assessment, and network-based evidence. You will also explore the role that threat intelligence plays in the incident response process. Finally, a detailed section on preparing reports will help you prepare a written report for use either internally or in a courtroom. By the end of the book, you will have mastered forensic techniques and incident response and you will have a solid foundation on which to increase your ability to investigate such incidents in your organization.

Related Content you might be interested in

Current Title:

Small book image
Digital Forensics and Incident Response
Gerard Johansen
Jul, 2017 | 324 pages
No titles found
Table of Contents (18 chapters)
Title Page
Title Page
Credits
Credits
About the Author
About the Author
About the Reviewer
About the Reviewer
www.PacktPub.com
www.PacktPub.com
Customer Feedback
Customer Feedback
Preface
Preface
Free Chapter
1
Incident Response
Incident Response
The incident response process
The incident response framework
The incident response plan
The incident response playbook
Summary
2
Forensic Fundamentals
Forensic Fundamentals
Legal aspects
Digital forensic fundamentals
Summary
3
Network Evidence Collection
Network Evidence Collection
Preparation
Network device evidence
Packet capture
Evidence collection
Summary
4
Acquiring Host-Based Evidence
Acquiring Host-Based Evidence
Preparation
Evidence volatility
Evidence acquisition
Evidence collection procedures
Non-volatile data
Summary
5
Understanding Forensic Imaging
Understanding Forensic Imaging
Overview of forensic imaging
Preparing a stage drive
Imaging
Summary
6
Network Evidence Analysis
Network Evidence Analysis
Analyzing packet captures
Analyzing network log files
Summary
7
Analyzing System Memory
Analyzing System Memory
Memory evidence overview
Memory analysis
Summary
8
Analyzing System Storage
Analyzing System Storage
Forensic platforms
Summary
9
Forensic Reporting
Forensic Reporting
Documentation overview
Incident tracking
Written reports
Summary
10
Malware Analysis
Malware Analysis
Malware overview
Malware analysis overview
Analyzing malware
Dynamic analysis
Summary
11
Threat Intelligence
Threat Intelligence
Threat intelligence overview
Threat intelligence methodology
Threat intelligence direction
Threat intelligence sources
Threat intelligence platforms
Using threat intelligence
Summary

Evidence collection procedures

There are a number of parallels between digital forensics and other forensic disciplines such as trace evidence. The key parallel is that organizations acquiring evidence need to have a procedure that is sound, reproducible, and well documented. The following are some guidelines for proper collection of digital evidence:

  1. Photograph the system and the general scene. One the key pieces of equipment that can save time is a small digital camera. While it may seem overkill to photograph a system in place, in the event that actions taken by incident responders ever see the inside of a courtroom, having photos will allow for a proper reconstruction of the events. One word of caution though is make sure to utilize a separate digital camera. Utilizing a cell phone may expose the device to discovery in the event of a lawsuit or criminal proceeding. The best method is to snap all of the photos necessary and at a convenient time and place, and transfer them to permanent...
Previous Section
End of Section 5
Next Section