• Book image
Book Image

Digital Forensics and Incident Response - Second Edition

Book Image

Digital Forensics and Incident Response - Second Edition

Overview of this book

An understanding of how digital forensics integrates with the overall response to cybersecurity incidents is key to securing your organization's infrastructure from attacks. This updated second edition will help you perform cutting-edge digital forensic activities and incident response. After focusing on the fundamentals of incident response that are critical to any information security team, you’ll move on to exploring the incident response framework. From understanding its importance to creating a swift and effective response to security incidents, the book will guide you with the help of useful examples. You’ll later get up to speed with digital forensic techniques, from acquiring evidence and examining volatile memory through to hard drive examination and network-based evidence. As you progress, you’ll discover the role that threat intelligence plays in the incident response process. You’ll also learn how to prepare an incident response report that documents the findings of your analysis. Finally, in addition to various incident response activities, the book will address malware analysis, and demonstrate how you can proactively use your digital forensic skills in threat hunting. By the end of this book, you’ll have learned how to efficiently investigate and report unwanted security breaches and incidents in your organization.

Related Content you might be interested in

No titles found
Table of Contents (22 chapters)
Preface
Free Chapter
1
Section 1: Foundations of Incident Response and Digital Forensics
2
Understanding Incident Response
3
Managing Cyber Incidents
4
Fundamentals of Digital Forensics
5
Section 2: Evidence Acquisition
6
Collecting Network Evidence
7
Acquiring Host-Based Evidence
8
Forensic Imaging
9
Section 3: Analyzing Evidence
10
Analyzing Network Evidence
11
Analyzing System Memory
12
Analyzing System Storage
13
Analyzing Log Files
14
Writing the Incident Report
15
Section 4: Specialist Topics
16
Malware Analysis for Incident Response
17
Leveraging Threat Intelligence
18
Hunting for Threats
Hunting for Threats
The threat hunting maturity model
Threat hunt cycle
MITRE ATT&CK
Threat hunt planning
Threat hunt reporting
Summary
Questions
Further reading
19
Assessment
20
Other Books You May Enjoy
Appendix

The threat hunting maturity model

The cybersecurity expert David Bianco, the developer of the Pyramid of Pain covered in the previous chapter, developed the threat hunting maturity model while working for the cybersecurity company Sqrrl. It is important to understand this maturity model in relation to threat hunting, as it provides threat hunters and their organization a construct in determining the roadmap to maturing the threat hunting process in their organization. The maturity model is made up of five levels, starting at Hunt Maturity 0 (or HM0) to HM4. What follows is a review of the five levels of the model:

  • HM0—Initial: During the initial stage, organizations rely exclusively on automated tools such as network- or host-based intrusion prevention/detection systems, antivirus, or security information and event management (SIEM) to provide alerts to the threat hunt...

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech

Start a 7-day FREE trial
End of Section 2
Your notes and bookmarks