
Incident response & computer forensics


Bibliographic Details
Classification: Electronic book
Main author: Luttgens, Jason T.
Other authors: Pepe, Mathew
Format: Electronic eBook
Language: English
Published: New York : McGraw-Hill Education, ©2014.
Edition: 3rd ed.
Subjects:
Online access: Full text (requires prior registration with an institutional email address)
Table of Contents:
  • Cover
  • Title Page
  • Copyright Page
  • About the Authors
  • About the Contributors
  • About the Technical Editor
  • Contents
  • Foreword
  • Acknowledgments
  • Introduction
  • Part I: Preparing for the Inevitable Incident
  • Chapter 1: Real-World Incidents
  • What Constitutes an Incident?
  • What Is Incident Response?
  • Where We Are Now
  • Why Should You Care About Incident Response?
  • Case Studies
  • Case Study #1: Show Me the Money
  • Case Study #2: Certificate of Authenticity
  • Concept of the Attack Lifecycle
  • So What?
  • Questions
  • Chapter 2: IR Management Handbook
  • What Is a Computer Security Incident?
  • What Are the Goals of Incident Response?
  • Who Is Involved in the IR Process?
  • Finding IR Talent
  • The Incident Response Process
  • Initial Response
  • Investigation
  • Remediation
  • Tracking of Significant Investigative Information
  • Reporting
  • So What?
  • Questions
  • Chapter 3: Pre-Incident Preparation
  • Preparing the Organization for Incident Response
  • Identifying Risk
  • Policies That Promote a Successful IR
  • Working with Outsourced IT
  • Thoughts on Global Infrastructure Issues
  • Educating Users on Host-Based Security
  • Preparing the IR Team
  • Defining the Mission
  • Communication Procedures
  • Deliverables
  • Resources for the IR Team
  • Preparing the Infrastructure for Incident Response
  • Computing Device Configuration
  • Network Configuration
  • So What?
  • Questions
  • Part II: Incident Detection and Characterization
  • Chapter 4: Getting the Investigation Started on the Right Foot
  • Collecting Initial Facts
  • Checklists
  • Maintenance of Case Notes
  • Building an Attack Timeline
  • Understanding Investigative Priorities
  • What Are Elements of Proof?
  • Setting Expectations with Management
  • So What?
  • Questions
  • Chapter 5: Initial Development of Leads
  • Defining Leads of Value
  • Acting on Leads
  • Turning Leads into Indicators
  • The Lifecycle of Indicator Generation
  • Resolving Internal Leads
  • Resolving External Leads
  • So What?
  • Questions
  • Chapter 6: Discovering the Scope of the Incident
  • What Should I Do?
  • Examining Initial Data
  • Gathering and Reviewing Preliminary Evidence
  • Determining a Course of Action
  • Customer Data Loss Scenario
  • Customer Data Loss: Scoping Gone Wrong
  • Automated Clearing House (ACH) Fraud Scenario
  • ACH Fraud: Scoping Gone Wrong
  • So What?
  • Questions
  • Part III: Data Collection
  • Chapter 7: Live Data Collection
  • When to Perform a Live Response
  • Selecting a Live Response Tool
  • What to Collect
  • Collection Best Practices
  • Live Data Collection on Microsoft Windows Systems
  • Prebuilt Toolkits
  • Do It Yourself
  • Memory Collection
  • Live Data Collection on Unix-Based Systems
  • Live Response Toolkits
  • Memory Collection
  • So What?
  • Questions
  • Chapter 8: Forensic Duplication
  • Forensic Image Formats
  • Complete Disk Image
  • Partition Image
  • Logical Image
  • Image Integrity
  • Traditional Duplication