Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Digital Forensics and Incident Response
  • Table Of Contents Toc
Digital Forensics and Incident Response

Digital Forensics and Incident Response

By : Gerard Johansen
4.3 (6)
Buy this Book
close
close
Digital Forensics and Incident Response

Digital Forensics and Incident Response

4.3 (6)
By: Gerard Johansen
Buy this Book

Overview of this book

Digital Forensics and Incident Response will guide you through the entire spectrum of tasks associated with incident response, starting with preparatory activities associated with creating an incident response plan and creating a digital forensics capability within your own organization. You will then begin a detailed examination of digital forensic techniques including acquiring evidence, examining volatile memory, hard drive assessment, and network-based evidence. You will also explore the role that threat intelligence plays in the incident response process. Finally, a detailed section on preparing reports will help you prepare a written report for use either internally or in a courtroom. By the end of the book, you will have mastered forensic techniques and incident response and you will have a solid foundation on which to increase your ability to investigate such incidents in your organization.
Table of Contents (12 chapters)
close
close
close
Preface
Icon
Preface
Icon
What this book covers
Icon
What you need for this book
Icon
Who this book is for
Icon
Conventions
Icon
Reader feedback
Icon
Customer support
Lock Free Chapter
1
Incident Response
Icon
Incident Response
Icon
The incident response process
Icon
The incident response framework
Icon
The incident response plan
Icon
The incident response playbook
Icon
Summary
2
Forensic Fundamentals
Icon
Forensic Fundamentals
Icon
Legal aspects
Icon
Digital forensic fundamentals
Icon
Summary
3
Network Evidence Collection
Icon
Network Evidence Collection
Icon
Preparation
Icon
Network device evidence
Icon
Packet capture
Icon
Evidence collection
Icon
Summary
4
Acquiring Host-Based Evidence
Icon
Acquiring Host-Based Evidence
Icon
Preparation
Icon
Evidence volatility
Icon
Evidence acquisition
Icon
Evidence collection procedures
Icon
Non-volatile data
Icon
Summary
5
Understanding Forensic Imaging
Icon
Understanding Forensic Imaging
Icon
Overview of forensic imaging
Icon
Preparing a stage drive
Icon
Imaging
Icon
Summary
6
Network Evidence Analysis
Icon
Network Evidence Analysis
Icon
Analyzing packet captures
Icon
Analyzing network log files
Icon
Summary
7
Analyzing System Memory
Icon
Analyzing System Memory
Icon
Memory evidence overview
Icon
Memory analysis
Icon
Summary
8
Analyzing System Storage
Icon
Analyzing System Storage
Icon
Forensic platforms
Icon
Summary
9
Forensic Reporting
Icon
Forensic Reporting
Icon
Documentation overview
Icon
Incident tracking
Icon
Written reports
Icon
Summary
10
Malware Analysis
Icon
Malware Analysis
Icon
Malware overview
Icon
Malware analysis overview
Icon
Analyzing malware
Icon
Dynamic analysis
Icon
Summary
11
Threat Intelligence
chevron up
Icon
Threat Intelligence
Icon
Threat intelligence overview
Icon
Threat intelligence methodology
Icon
Threat intelligence direction
Icon
Threat intelligence sources
Icon
Threat intelligence platforms
Icon
Using threat intelligence
Icon
Summary

Threat intelligence sources

There are three primary sources of threat intelligence that an organization can leverage. Threat intelligence can be produced by the organization in an internal process, acquired through open source methods, or finally, through third-party threat intelligence vendors. Each organization can utilize their own internal processes to determine what their needs are and what sources to leverage.

Internally developed sources

The most complex threat intelligence sources are those that an organization internally develops. This is due to the infrastructure that is needed to obtain the individual IOCs from malware campaigns and TTPs from threat actors. To obtain IOCs, the organization can make use of honeypots or other deliberately vulnerable systems to acquire unique malware samples. They will also need to have the expertise and systems available to not only evaluate suspected malware but reverse engineer it. From there, they would be able to extract the individual IOCs that...

Visually different images
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Digital Forensics and Incident Response
End of Section 11
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon