Book Image

Digital Forensics and Incident Response - Second Edition

By : Gerard Johansen
Book Image

Digital Forensics and Incident Response - Second Edition

By: Gerard Johansen

Overview of this book

An understanding of how digital forensics integrates with the overall response to cybersecurity incidents is key to securing your organization's infrastructure from attacks. This updated second edition will help you perform cutting-edge digital forensic activities and incident response. After focusing on the fundamentals of incident response that are critical to any information security team, you’ll move on to exploring the incident response framework. From understanding its importance to creating a swift and effective response to security incidents, the book will guide you with the help of useful examples. You’ll later get up to speed with digital forensic techniques, from acquiring evidence and examining volatile memory through to hard drive examination and network-based evidence. As you progress, you’ll discover the role that threat intelligence plays in the incident response process. You’ll also learn how to prepare an incident response report that documents the findings of your analysis. Finally, in addition to various incident response activities, the book will address malware analysis, and demonstrate how you can proactively use your digital forensic skills in threat hunting. By the end of this book, you’ll have learned how to efficiently investigate and report unwanted security breaches and incidents in your organization.
Table of Contents (22 chapters)
1
Section 1: Foundations of Incident Response and Digital Forensics
5
Section 2: Evidence Acquisition
9
Section 3: Analyzing Evidence
15
Section 4: Specialist Topics
Appendix

Summary

Benjamin Franklin is quoted as saying, "By failing to prepare, you are preparing to fail." In many ways, this sentiment is quite accurate when it comes to organizations and the threat of cyber attacks. Preparing for a cyber attack is a critical function that must be taken as seriously as any other aspect of cyber security. Having a solid understanding of the incident response process to build on with an incident response capability can provide organizations with a measure of preparation, so that in the event of an incident, they can respond. Keep in mind as we move forward that forensic techniques, threat intelligence, and reverse engineering are there to assist an organization to get to the end, that is, back up and running.

This chapter explored some of the preparation that goes into building an incident response capability. Selecting a team, creating a plan, and building the playbooks and the escalation procedures allows a CSIRT to effectively address an incident. The CSIRT and associated plans give structure to the digital forensic techniques to be discussed. This discussion begins with the next chapter, where proper evidence handling and documentation is the critical first step in investigating an incident.