Book Image

Digital Forensics and Incident Response - Second Edition

By : Gerard Johansen
Book Image

Digital Forensics and Incident Response - Second Edition

By: Gerard Johansen

Overview of this book

An understanding of how digital forensics integrates with the overall response to cybersecurity incidents is key to securing your organization's infrastructure from attacks. This updated second edition will help you perform cutting-edge digital forensic activities and incident response. After focusing on the fundamentals of incident response that are critical to any information security team, you’ll move on to exploring the incident response framework. From understanding its importance to creating a swift and effective response to security incidents, the book will guide you with the help of useful examples. You’ll later get up to speed with digital forensic techniques, from acquiring evidence and examining volatile memory through to hard drive examination and network-based evidence. As you progress, you’ll discover the role that threat intelligence plays in the incident response process. You’ll also learn how to prepare an incident response report that documents the findings of your analysis. Finally, in addition to various incident response activities, the book will address malware analysis, and demonstrate how you can proactively use your digital forensic skills in threat hunting. By the end of this book, you’ll have learned how to efficiently investigate and report unwanted security breaches and incidents in your organization.
Table of Contents (22 chapters)
Section 1: Foundations of Incident Response and Digital Forensics
Section 2: Evidence Acquisition
Section 3: Analyzing Evidence
Section 4: Specialist Topics

To get the most out of this book

Readers should be familiar with the Windows OS and have the ability to download and run applications as well as to use the Windows command line. Familiarity with the Linux command line is also helpful. An understanding of the basic network protocols and various types of network traffic is required as well. It's not required, but it is helpful to have access to a virtualization software platform and a Windows OS in which to run specific tools. Finally, incident response and digital forensics is a growing field. You will get the most out of this book by continuing to research and try new tools and techniques.

Download the color images

Conventions used

There are a number of text conventions used throughout this book.

CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "Once in Command Prompt, navigate to the folder containing the RawCap.exe file."

A block of code is set as follows:

description = "Stuxnet Sample - file ~WTR4141.tmp"
author = "Florian Roth"
reference = "Internal Research"
date = "2016-07-09"

Any command-line input or output is written as follows:

dfir@ubuntu:~$ tcpdump -h

Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "Click on File and then on Capture Memory."

Warnings or important notes appear like this.
Tips and tricks appear like this.