Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Digital Forensics and Incident Response
  • Table Of Contents Toc
Digital Forensics and Incident Response

Digital Forensics and Incident Response - Second Edition

By : Gerard Johansen
4.6 (5)
Buy this Book
close
close
Digital Forensics and Incident Response

Digital Forensics and Incident Response

4.6 (5)
By: Gerard Johansen
Buy this Book

Overview of this book

An understanding of how digital forensics integrates with the overall response to cybersecurity incidents is key to securing your organization's infrastructure from attacks. This updated second edition will help you perform cutting-edge digital forensic activities and incident response. After focusing on the fundamentals of incident response that are critical to any information security team, you’ll move on to exploring the incident response framework. From understanding its importance to creating a swift and effective response to security incidents, the book will guide you with the help of useful examples. You’ll later get up to speed with digital forensic techniques, from acquiring evidence and examining volatile memory through to hard drive examination and network-based evidence. As you progress, you’ll discover the role that threat intelligence plays in the incident response process. You’ll also learn how to prepare an incident response report that documents the findings of your analysis. Finally, in addition to various incident response activities, the book will address malware analysis, and demonstrate how you can proactively use your digital forensic skills in threat hunting. By the end of this book, you’ll have learned how to efficiently investigate and report unwanted security breaches and incidents in your organization.
Table of Contents (22 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Get in touch
1
Section 1: Foundations of Incident Response and Digital Forensics
Icon
Section 1: Foundations of Incident Response and Digital Forensics
Lock Free Chapter
2
Understanding Incident Response
Icon
Understanding Incident Response
Icon
The incident response process
Icon
The incident response framework
Icon
The incident response plan
Icon
The incident response playbook
Icon
Testing the incident response framework
Icon
Summary
Icon
Questions
Icon
Further reading
3
Managing Cyber Incidents
Icon
Managing Cyber Incidents
Icon
Engaging the incident response team
Icon
Incorporating crisis communications
Icon
Investigating incidents
Icon
Incorporating containment strategies
Icon
Getting back to normal – eradication and recovery
Icon
Summary
Icon
Questions
Icon
Further reading
4
Fundamentals of Digital Forensics
Icon
Fundamentals of Digital Forensics
Icon
Legal aspects
Icon
Digital forensics fundamentals
Icon
Summary
Icon
Questions
Icon
Further reading
5
Section 2: Evidence Acquisition
Icon
Section 2: Evidence Acquisition
6
Collecting Network Evidence
Icon
Collecting Network Evidence
Icon
An overview of network evidence
Icon
Firewalls and proxy logs
Icon
NetFlow
Icon
Packet captures
Icon
Wireshark
Icon
Evidence collection
Icon
Summary
Icon
Questions
Icon
Further reading
7
Acquiring Host-Based Evidence
Icon
Acquiring Host-Based Evidence
Icon
Preparation
Icon
Order of Volatility
Icon
Evidence acquisition
Icon
Acquiring volatile memory
Icon
Acquiring non-volatile evidence
Icon
Summary
Icon
Questions
Icon
Further reading
8
Forensic Imaging
Icon
Forensic Imaging
Icon
Understanding forensic imaging
Icon
Imaging tools
Icon
Preparing a stage drive
Icon
Using write blockers
Icon
Imaging techniques
Icon
Summary
Icon
Questions
Icon
Further reading
9
Section 3: Analyzing Evidence
Icon
Section 3: Analyzing Evidence
10
Analyzing Network Evidence
Icon
Analyzing Network Evidence
Icon
Network evidence overview
Icon
Analyzing firewall and proxy logs
Icon
Analyzing NetFlow
Icon
Analyzing packet captures
Icon
Summary
Icon
Questions
Icon
Further reading
11
Analyzing System Memory
Icon
Analyzing System Memory
Icon
Memory analysis overview
Icon
Memory analysis methodology
Icon
Memory analysis with Redline
Icon
Memory analysis with Volatility
Icon
Memory analysis with strings
Icon
Summary
Icon
Questions
Icon
Further reading
12
Analyzing System Storage
Icon
Analyzing System Storage
Icon
Forensic platforms
Icon
Autopsy
Icon
MFT analysis
Icon
Registry analysis
Icon
Summary
Icon
Questions
Icon
Further reading
13
Analyzing Log Files
chevron up
Icon
Analyzing Log Files
Icon
Logging and log management
Icon
Working with event management systems
Icon
Understanding Windows logs
Icon
Analyzing Windows event logs
Icon
Summary
Icon
Questions
Icon
Further reading
14
Writing the Incident Report
Icon
Writing the Incident Report
Icon
Documentation overview
Icon
Incident tracking
Icon
Written reports
Icon
Summary
Icon
Questions
Icon
Further reading
15
Section 4: Specialist Topics
Icon
Section 4: Specialist Topics
16
Malware Analysis for Incident Response
Icon
Malware Analysis for Incident Response
Icon
Malware classifications
Icon
Malware analysis overview
Icon
Analyzing malware
Icon
Dynamic analysis
Icon
Summary
Icon
Questions
Icon
Further reading
17
Leveraging Threat Intelligence
Icon
Leveraging Threat Intelligence
Icon
Understanding threat intelligence
Icon
Threat intelligence methodology
Icon
Threat intelligence sources
Icon
Threat intelligence platforms
Icon
Using threat intelligence
Icon
Summary
Icon
Questions
Icon
Further reading
18
Hunting for Threats
Icon
Hunting for Threats
Icon
The threat hunting maturity model
Icon
Threat hunt cycle
Icon
MITRE ATT&CK
Icon
Threat hunt planning
Icon
Threat hunt reporting
Icon
Summary
Icon
Questions
Icon
Further reading
19
Assessment
Icon
Assessment
Icon
Chapter 1: Understanding Incident Response
Icon
Chapter 2: Managing Cyber Incidents
Icon
Chapter 3: Fundamentals of Digital Forensics
Icon
Chapter 4: Collecting Network Evidence
Icon
Chapter 5: Acquiring Host-Based Evidence
Icon
Chapter 6: Forensic Imaging
Icon
Chapter 7: Analyzing Network Evidence
Icon
Chapter 8: Analyzing System Memory
Icon
Chapter 9: Analyzing System Storage
Icon
Chapter 10: Analyzing Log Files
Icon
Chapter 11: Writing the Incident Report
Icon
Chapter 12: Malware Analysis for Incident Response
Icon
Chapter 13: Leveraging Threat Intelligence
Icon
Chapter 14: Hunting for Threats
20
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Leave a review - let other readers know what you think
1
Appendix
Icon
Appendix

Understanding Windows logs

The most prevalent endpoint operating system that responders will have to examine related to an incident is by far the Windows OS. Due to the overwhelming market share that Microsoft has, the vast majority of enterprise endpoints will be Microsoft desktop/laptop, server, or virtual systems. As a result, it is critical that responders have a solid understanding of how to leverage the Windows event logs for incident analysis.

The Windows event logs provide extensive data on the actions of the operating systems, connections from other systems, and credential use, along with the use of PowerShell. Adversarial tactics from initial compromise using malware or other exploits, credential accessing, and elevation and lateral movement using the Windows operating system's internal tools are often captured via the Windows event logs.

The specific logs that...

CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Digital Forensics and Incident Response
End of Section 13
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon