Digital forensics and incident response : incident response tools and techniques for effective cyber threat response /
Build your organization's cyber defense system by effectively applying digital forensics, incident management, and investigation techniques to real-world cyber threats. An understanding of how digital forensics integrates with the overall response to cybersecurity incidents is key to securing y...
Classification: | Electronic book
---|---
Main author: |
Format: | Electronic eBook
Language: | English
Published: | Birmingham, UK : Packt Publishing Ltd., 2022.
Edition: | Third edition.
Subjects: |
Online access: | Full text (requires prior registration with an institutional email address)
Table of Contents:
- Cover
- Title Page
- Copyright
- Contributors
- Table of Contents
- Preface
- Part 1: Foundations of Incident Response and Digital Forensics
- Chapter 1: Understanding Incident Response
- The IR process
- The role of digital forensics
- The IR framework
- The IR charter
- CSIRT team
- The IR plan
- Incident classification
- The IR playbook/handbook
- Escalation process
- Testing the IR framework
- Summary
- Questions
- Further reading
- Chapter 2: Managing Cyber Incidents
- Engaging the incident response team
- CSIRT engagement models
- Investigating incidents
- The CSIRT war room
- Communications
- Rotating staff
- SOAR
- Incorporating crisis communications
- Internal communications
- External communications
- Public notification
- Incorporating containment strategies
- Getting back to normal: eradication, recovery, and post-incident activity
- Summary
- Questions
- Further reading
- Chapter 3: Fundamentals of Digital Forensics
- An overview of forensic science
- Locard's exchange principle
- Legal issues in digital forensics
- Law and regulations
- Rules of evidence
- Forensic procedures in incident response
- A brief history of digital forensics
- The digital forensics process
- The digital forensics lab
- Summary
- Questions
- Further reading
- Chapter 4: Investigation Methodology
- An intrusion analysis case study: The Cuckoo's Egg
- Types of incident investigation analysis
- Functional digital forensic investigation methodology
- Identification and scoping
- Collecting evidence
- The initial event analysis
- The preliminary correlation
- Event normalization
- Event deconfliction
- The second correlation
- The timeline
- Kill chain analysis
- Reporting
- The cyber kill chain
- The diamond model of intrusion analysis
- Diamond model axioms
- A combined diamond model and kill chain intrusion analysis
- Attribution
- Summary
- Questions
- Part 2: Evidence Acquisition
- Chapter 5: Collecting Network Evidence
- An overview of network evidence
- Preparation
- A network diagram
- Configuration
- Firewalls and proxy logs
- Firewalls
- Web application firewalls
- Web proxy servers
- NetFlow
- Packet capture
- tcpdump
- WinPcap and RawCap
- Wireshark
- Evidence collection
- Summary
- Questions
- Further reading
- Chapter 6: Acquiring Host-Based Evidence
- Preparation
- Order of volatility
- Evidence acquisition
- Evidence collection procedures
- Acquiring volatile memory
- FTK Imager
- WinPmem
- RAM Capturer
- Virtual systems
- Acquiring non-volatile evidence
- FTK obtaining protected files
- The CyLR response tool
- Kroll Artifact Parser and Extractor
- Summary
- Questions
- Further reading
- Chapter 7: Remote Evidence Collection
- Enterprise incident response challenges
- Endpoint detection and response
- Velociraptor overview and deployment
- Velociraptor server
- Velociraptor Windows collector
- Velociraptor scenarios