Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Digital Forensics and Incident Response
  • Table Of Contents Toc
Digital Forensics and Incident Response

Digital Forensics and Incident Response - Second Edition

By : Gerard Johansen
4.6 (5)
Buy this Book
close
close
Digital Forensics and Incident Response

Digital Forensics and Incident Response

4.6 (5)
By: Gerard Johansen
Buy this Book

Overview of this book

An understanding of how digital forensics integrates with the overall response to cybersecurity incidents is key to securing your organization's infrastructure from attacks. This updated second edition will help you perform cutting-edge digital forensic activities and incident response. After focusing on the fundamentals of incident response that are critical to any information security team, you’ll move on to exploring the incident response framework. From understanding its importance to creating a swift and effective response to security incidents, the book will guide you with the help of useful examples. You’ll later get up to speed with digital forensic techniques, from acquiring evidence and examining volatile memory through to hard drive examination and network-based evidence. As you progress, you’ll discover the role that threat intelligence plays in the incident response process. You’ll also learn how to prepare an incident response report that documents the findings of your analysis. Finally, in addition to various incident response activities, the book will address malware analysis, and demonstrate how you can proactively use your digital forensic skills in threat hunting. By the end of this book, you’ll have learned how to efficiently investigate and report unwanted security breaches and incidents in your organization.
Table of Contents (22 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Get in touch
1
Section 1: Foundations of Incident Response and Digital Forensics
Icon
Section 1: Foundations of Incident Response and Digital Forensics
Lock Free Chapter
2
Understanding Incident Response
chevron up
Icon
Understanding Incident Response
Icon
The incident response process
Icon
The incident response framework
Icon
The incident response plan
Icon
The incident response playbook
Icon
Testing the incident response framework
Icon
Summary
Icon
Questions
Icon
Further reading
3
Managing Cyber Incidents
Icon
Managing Cyber Incidents
Icon
Engaging the incident response team
Icon
Incorporating crisis communications
Icon
Investigating incidents
Icon
Incorporating containment strategies
Icon
Getting back to normal – eradication and recovery
Icon
Summary
Icon
Questions
Icon
Further reading
4
Fundamentals of Digital Forensics
Icon
Fundamentals of Digital Forensics
Icon
Legal aspects
Icon
Digital forensics fundamentals
Icon
Summary
Icon
Questions
Icon
Further reading
5
Section 2: Evidence Acquisition
Icon
Section 2: Evidence Acquisition
6
Collecting Network Evidence
Icon
Collecting Network Evidence
Icon
An overview of network evidence
Icon
Firewalls and proxy logs
Icon
NetFlow
Icon
Packet captures
Icon
Wireshark
Icon
Evidence collection
Icon
Summary
Icon
Questions
Icon
Further reading
7
Acquiring Host-Based Evidence
Icon
Acquiring Host-Based Evidence
Icon
Preparation
Icon
Order of Volatility
Icon
Evidence acquisition
Icon
Acquiring volatile memory
Icon
Acquiring non-volatile evidence
Icon
Summary
Icon
Questions
Icon
Further reading
8
Forensic Imaging
Icon
Forensic Imaging
Icon
Understanding forensic imaging
Icon
Imaging tools
Icon
Preparing a stage drive
Icon
Using write blockers
Icon
Imaging techniques
Icon
Summary
Icon
Questions
Icon
Further reading
9
Section 3: Analyzing Evidence
Icon
Section 3: Analyzing Evidence
10
Analyzing Network Evidence
Icon
Analyzing Network Evidence
Icon
Network evidence overview
Icon
Analyzing firewall and proxy logs
Icon
Analyzing NetFlow
Icon
Analyzing packet captures
Icon
Summary
Icon
Questions
Icon
Further reading
11
Analyzing System Memory
Icon
Analyzing System Memory
Icon
Memory analysis overview
Icon
Memory analysis methodology
Icon
Memory analysis with Redline
Icon
Memory analysis with Volatility
Icon
Memory analysis with strings
Icon
Summary
Icon
Questions
Icon
Further reading
12
Analyzing System Storage
Icon
Analyzing System Storage
Icon
Forensic platforms
Icon
Autopsy
Icon
MFT analysis
Icon
Registry analysis
Icon
Summary
Icon
Questions
Icon
Further reading
13
Analyzing Log Files
Icon
Analyzing Log Files
Icon
Logging and log management
Icon
Working with event management systems
Icon
Understanding Windows logs
Icon
Analyzing Windows event logs
Icon
Summary
Icon
Questions
Icon
Further reading
14
Writing the Incident Report
Icon
Writing the Incident Report
Icon
Documentation overview
Icon
Incident tracking
Icon
Written reports
Icon
Summary
Icon
Questions
Icon
Further reading
15
Section 4: Specialist Topics
Icon
Section 4: Specialist Topics
16
Malware Analysis for Incident Response
Icon
Malware Analysis for Incident Response
Icon
Malware classifications
Icon
Malware analysis overview
Icon
Analyzing malware
Icon
Dynamic analysis
Icon
Summary
Icon
Questions
Icon
Further reading
17
Leveraging Threat Intelligence
Icon
Leveraging Threat Intelligence
Icon
Understanding threat intelligence
Icon
Threat intelligence methodology
Icon
Threat intelligence sources
Icon
Threat intelligence platforms
Icon
Using threat intelligence
Icon
Summary
Icon
Questions
Icon
Further reading
18
Hunting for Threats
Icon
Hunting for Threats
Icon
The threat hunting maturity model
Icon
Threat hunt cycle
Icon
MITRE ATT&CK
Icon
Threat hunt planning
Icon
Threat hunt reporting
Icon
Summary
Icon
Questions
Icon
Further reading
19
Assessment
Icon
Assessment
Icon
Chapter 1: Understanding Incident Response
Icon
Chapter 2: Managing Cyber Incidents
Icon
Chapter 3: Fundamentals of Digital Forensics
Icon
Chapter 4: Collecting Network Evidence
Icon
Chapter 5: Acquiring Host-Based Evidence
Icon
Chapter 6: Forensic Imaging
Icon
Chapter 7: Analyzing Network Evidence
Icon
Chapter 8: Analyzing System Memory
Icon
Chapter 9: Analyzing System Storage
Icon
Chapter 10: Analyzing Log Files
Icon
Chapter 11: Writing the Incident Report
Icon
Chapter 12: Malware Analysis for Incident Response
Icon
Chapter 13: Leveraging Threat Intelligence
Icon
Chapter 14: Hunting for Threats
20
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Leave a review - let other readers know what you think
1
Appendix
Icon
Appendix

Understanding Incident Response

When examining the threats to today's information technology, it can seem overwhelming. From simple script kiddies using off-the-shelf code to nation state adversary tools, it is critical to be prepared. For example, an internal employee can download a single instance of ransomware and can have a significant impact on an organization. More complex attacks such as a network exploitation attempt or targeted data breach increases the chaos that a security incident causes. Technical personnel will have their hands full attempting to determine the systems that have been impacted and how they are being manipulated. They will also have to contend with addressing the possible loss of data through compromised systems. Adding to this chaotic situation are senior managers haranguing them for updates and an answer to the all-important questions: How did this happen? and How bad is it?

Having the ability to properly respond to security incidents in an orderly and efficient manner allows organizations to both limit the damage of a potential cyber attack, and also recover from the associated damage that is caused. To facilitate this orderly response, organizations of all sizes have looked at adding an incident response capability to their existing policies, procedures, and processes.

In order to build this capability within the organization, several key components must be addressed. First, organizations need to have a working knowledge of the incident response process. This process outlines the general flow of an incident and the general actions that are taken at each stage. Second, organizations need to have access to personnel who form the nucleus of any incident response capability. Once a team is organized, a formalized plan and associated processes need to be created. This written plan and processes form the orderly structure that an organization can follow during an incident. Finally, with this framework in place, the plan must be continually evaluated, tested, and improved as new threats emerge. Utilizing this framework will position organizations to be prepared for the unfortunate reality that many organizations have already faced, an incident that compromises their security.

We will be covering the following topics in this chapter:

  • The incident response process
  • The incident response framework
  • The incident response plan
  • The incident response playbook
  • Testing the incident response framework
Visually different images
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Digital Forensics and Incident Response
End of Section 2
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon